Educause Security Discussion mailing list archives
Re: Authentication of remote users
From: "Hunt,Keith A" <keith () UAKRON EDU>
Date: Fri, 4 Jan 2008 18:35:46 -0500
-----Original Message-----
From: Valdis Kletnieks [mailto:Valdis.Kletnieks () VT EDU]
Sent: Friday, January 04, 2008 5:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Authentication of remote users

On Fri, 04 Jan 2008 14:54:05 EST, Joel Rosenblatt said:
> Joking aside, this is a really hard problem to solve and I don't think that
> I've seen a really good answer for this yet.

One needs to keep in mind that perhaps "really good" isn't required here, just "good enough". For instance, if the user is "remote" and can't come in person, it may very well be "good enough" to get a fax of the ID - although that may indeed not prove it's the person, it proves the person has possession of the ID. And if the real user dropped his wallet somewhere in Rome, what are the chances that the person who picked it up will have any interest in hacking into your site? Remember - we're not talking about a Visa card that has some rather general usages.

Yes, it's *possible* that the pickpocket in Warsaw is an alumnus who is still upset about that failing grade he got 20 years ago and recognizes that obtaining an active account is the first step towards hacking in and fixing the grade he got, but at some point you really have to say "What are the *realistic* chances?"...

Quite true, but I am not worried so much about the one who drops her wallet in Rome. I am more concerned with the one who loses it in the Student Union or at the local disco.

Keith Hunt
330.972.7968
keith () uakron edu
Internet & Server Systems
The University of Akron