RE: How to authentificate an user via telephon?

["Darryl W. Malcolm" <DMalcolm () acuent com>]

There are on the market utilities which will let users reset their own
password through a series of personal questions

-----Original Message-----
From: Bent.Mathiesen () swisscom com [mailto:Bent.Mathiesen () swisscom com]
Sent: Wednesday, December 04, 2002 12:00 PM
To: security-basics () lists securityfocus com
Cc: rsieber () web de
Subject: RE: How to authentificate an user via telephon?


Hi Robert

There are a lot of scenarios.

However, for the "ups, I typed wrong 3x in a row", I have seen the
following solution:
A voice-recognition system, where you can call a system and through a
menu and auto generated number sequence (that need to be repeated with
your voice) can reset your account. Work 24/7 - if you want.

Other solution, call superusers ?


Best regards

  Bent



-----Original Message-----
From: Robert Sieber [mailto:rsieber () web de] 
Sent: Tuesday, December 03, 2002 7:50 PM
To: security-basics () lists securityfocus com
Subject: How to authentificate an user via telephon?


Hello colleauges,

imaging the following situation:

User calls the helpdesk to reset/alter some kind
of account-password (NT, RAS, PKI-PIN ...) and you 
has to determin wheter the user is the correct 
(owner of the account) user. What would you do
to authentificate the users identity?

What are good methodes to do this? It should be
easy for the user but secure for the administration.


Robert

-- 
http://board.protecus.de - Firewalls, Security and more ...