Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Authentication of remote users

From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Thu, 3 Jan 2008 16:02:03 -0500
We ask them for the number on their ID card (it's not their SSN :-)

Joel Rosenblatt

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel


--On Thursday, January 03, 2008 10:54 AM -0700 Bob Bayn <Bob.Bayn () USU EDU> wrote:


Lets say you have a user that:

1) forgot their password
2) forgot their answers to their secret question(s)
3) is traveling making visiting the helpdesk impossible

Lets also say asking for last four digits of SSN is
not allowed.

How do you authenticate the identity of the user and
allow them to change their password?


We require a familiar voice on the phone, possibly
involving an on-campus co-worker.  For instance,
Prof X calls from Ublickistan to his dept secretary
Sally who makes a conference call to the ServiceDesk.
The phone at the servicedesk shows that the call
is from sally's office and we know sally because
she calls us several times a week with computer
problems.

Bob
Utah State University




Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Previous By Date Next
Previous By Thread Next

Current thread: