Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: remote authentication

From: Abe Getchell <me () abegetchell com>
Date: Thu, 13 Mar 2008 20:44:32 -0400
...but then you have an even BIGGER problem, as giving the password to a
third party makes that third party accountable. If I were managing a
group of people in a situation such as this, and part of a process was
to send passwords along to my users, I would be quite uncomfortable. For
example, if "Jimmy" has access to sensitive information, and records
show that Jimmy accessed this information and used it for purposes other
than directed, I could be held accountable because I knew Jimmy's
password and was able to gain access to resources using his account
(even if the password had been changed).

-  
Abe Getchell
me () abegetchell com
http://abegetchell.com/


On Thu, 2008-03-13 at 11:40 -0700, Ali, Saqib wrote:

On Wed, Mar 12, 2008 at 5:17 PM, Murda Mcloud <murdamcloud () bigpond com> wrote:

But only if they need a PIN to access voicemail?


If the VM is not protected using a PIN, then they have a bigger problem.

Another option is to give the user's password to their manager. And
ask the user to contact their manager to retrieve the password. The
managers tend to recognize the voice and talking style of their direct
reports. Voice and talking style could be used to authenticate the
user by their managers.

Not the most elegant way, but it is inexpensive and doesn't require
additional infrastructure.....

saqib
http://doctrina.wordpress.com/
Previous By Date Next
Previous By Thread Next

Current thread: