WebApp Sec mailing list archives
Re: User verification questions
From: Mark Jeftovic <markjr () easydns com>
Date: Tue, 11 Oct 2005 12:00:02 -0400
Andrew van der Stock wrote:
b) if it's to recover access to an account, even e-mail or SMS resets are stronger than this - they are almost a "something you have, something you know". If you value your accounts, nothing beats face to face contact. Evidence of identity is essential for trust in the account.
So what do you do if the problem is a lost password coupled with all available email addresses, phone numbers and postal addresses being stale or defunct? Let's say for an account with an ASP based in North America and a user in New Zealand?
-mark

--
Mark Jeftovic <mark () easydns com>
easyDNS Technologies Inc.
ph: +1-(416)-535-8672 ext 225
fx: +1-(866)-273-2892