Educause Security Discussion mailing list archives

Re: Authentication of remote users

From: Cal Frye <cjf () CALFRYE COM>
Date: Thu, 3 Jan 2008 12:45:50 -0500

Gary Flynn wrote:



Lets say you have a user that:

1) forgot their password
2) forgot their answers to their secret question(s)
3) is traveling making visiting the helpdesk impossible

Lets also say asking for last four digits of SSN is
not allowed.

How do you authenticate the identity of the user and
allow them to change their password?

Here we require they fax (or sometimes an email will do) a photocopy of
their ID card, which does not itself contain SSN data, but our internal
ID number instead.

--
Regards,
-- Cal Frye, Network Administrator, Oberlin College

   www.calfrye.com,  www.pitalabs.com

"In war, truth is the first casualty." -- Aeschylus.

Current thread:

Authentication of remote users Gary Flynn (Jan 03)
- <Possible follow-ups>
- Re: Authentication of remote users Robert Paterson (Jan 03)
- Re: Authentication of remote users Cal Frye (Jan 03)
- Re: Authentication of remote users Bob Bayn (Jan 03)
- Re: Authentication of remote users Scott Fendley (Jan 03)
- Re: Authentication of remote users Kees Leune (Jan 03)
- Re: Authentication of remote users Christopher Webber (Jan 03)
- Re: Authentication of remote users Dave Mueller (Jan 03)
- Re: Authentication of remote users Hunt,Keith A (Jan 03)
- Re: Authentication of remote users Andrea Beesing (Jan 03)
- Re: Authentication of remote users Robert Paterson (Jan 03)
- Re: Authentication of remote users Scott Koger (Jan 03)
- Re: Authentication of remote users Tom Peterson (Jan 03)

(Thread continues...)