Security Basics mailing list archives
Re: remote authentication
From: Abe Getchell <me () abegetchell com>
Date: Thu, 13 Mar 2008 20:44:32 -0400
...but then you have an even BIGGER problem, as giving the password to a third party makes that third party accountable. If I were managing a group of people in a situation such as this, and part of a process was to send passwords along to my users, I would be quite uncomfortable. For example, if "Jimmy" has access to sensitive information, and records show that Jimmy accessed this information and used it for purposes other than directed, I could be held accountable because I knew Jimmy's password and was able to gain access to resources using his account (even if the password had been changed). - Abe Getchell me () abegetchell com http://abegetchell.com/ On Thu, 2008-03-13 at 11:40 -0700, Ali, Saqib wrote:
On Wed, Mar 12, 2008 at 5:17 PM, Murda Mcloud <murdamcloud () bigpond com> wrote:But only if they need a PIN to access voicemail?If the VM is not protected using a PIN, then they have a bigger problem. Another option is to give the user's password to their manager. And ask the user to contact their manager to retrieve the password. The managers tend to recognize the voice and talking style of their direct reports. Voice and talking style could be used to authenticate the user by their managers. Not the most elegant way, but it is inexpensive and doesn't require additional infrastructure..... saqib http://doctrina.wordpress.com/
Current thread:
- compailing site Juan B (Mar 10)
- Re: compailing site PCSC Information Services (Mar 10)
- RE: compailing site Murda Mcloud (Mar 11)
- Re: compailing site Jacob Jennings (Mar 12)
- remote authentication Lovena J Reddi (Mar 12)
- RE: remote authentication Worrell, Brian (Mar 12)
- RE: remote authentication Lovena J Reddi (Mar 12)
- Re: remote authentication Ali, Saqib (Mar 12)
- RE: remote authentication Murda Mcloud (Mar 13)
- Re: remote authentication Ali, Saqib (Mar 13)
- Re: remote authentication Abe Getchell (Mar 14)
- Message not available
- Re: remote authentication Abe Getchell (Mar 14)
- Re: remote authentication Ali, Saqib (Mar 14)
- Re: remote authentication Ali, Saqib (Mar 17)
- Re: remote authentication Rodrigo Blanco (Mar 18)
- remote authentication Lovena J Reddi (Mar 12)
- RE: compailing site John Bond (Mar 17)
- <Possible follow-ups>
- Re: compailing site ushacker20002001 (Mar 11)