Re: Authentication of remote users

[Christopher Webber <christopher.webber () UCR EDU>]

Just a thought... With students there are all sorts of pieces of
personally identifiable information it the Student Information System
like home/permanent address, class schedule, major, etc. While it is not
the most secure it might be a direction to go with students.

Christopher Webber, SCSA
Resnet Coordinator
Housing Services
University of California, Riverside

Office: 951.827.6595
Fax: 951.827.7099



Some things Man was never meant to know. For everything else, there's Google.
- Unknown



Kees Leune wrote:
> > > > On 1/3/2008 at 12:54 PM, in message <01MPNK1PXU5Y8ZE3RK () cc usu edu>, Bob Bayn
> <Bob.Bayn () USU EDU> wrote:
>
>
> > > Lets say you have a user that:
> > >
> > > 1) forgot their password
> > > 2) forgot their answers to their secret question(s)
> > > 3) is traveling making visiting the helpdesk impossible
> > >
> > > Lets also say asking for last four digits of SSN is
> > > not allowed.
> > >
> > > How do you authenticate the identity of the user and
> > > allow them to change their password?
> > We require a familiar voice on the phone, possibly
> > involving an on-campus co-worker.  For instance,
> > Prof X calls from Ublickistan to his dept secretary
> > Sally who makes a conference call to the ServiceDesk.
> > The phone at the servicedesk shows that the call
> > is from sally's office and we know sally because
> > she calls us several times a week with computer
> > problems.
>
> How do you go about authenticating students with lost credentials? Obviously, the known-coworker approach does not work 
> there. We are now considering letting them register an alternative email address to which we will send a one-time use 
> password reset token.
>
> Thanks,
> -Kees

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature