Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: How to authentificate an user via telephon?

From: Art Tarsha <atarsha () totality com>
Date: Thu, 5 Dec 2002 09:57:24 -0800 
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

RSA-mobile utilizes cellphones, wireless devices, pagers etc, for 2-factor
authentication
that could be a viable solution depending on cost to implement and cost to
manage. I would think it would cut down on calls regarding passwords if the
user could do 2-factor authentication and change their own password or
recover their password.

Art

- -----Original Message-----
From: Marc Cuypers [mailto:m.cuypers () pandora be]
Sent: Wednesday, December 04, 2002 9:45 AM
To: security-basics () lists securityfocus com
Subject: Re: How to authentificate an user via telephon?



Hello colleauges,

imaging the following situation:

User calls the helpdesk to reset/alter some kind
of account-password (NT, RAS, PKI-PIN ...) and you
has to determin wheter the user is the correct
(owner of the account) user. What would you do
to authentificate the users identity?

What are good methodes to do this? It should be
easy for the user but secure for the administration.


Robert


Helpdesk calls user back at a known telephone number (could be a mobile
number).

Marc

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 (Build 294) Beta

iQA/AwUBPe+Tg2A74hgoOiMoEQK5WQCbBxo2ERZ+hfmoJFk8z7IumSu9gxoAni85
pHAKhEU8UqmHnDA5uBYnvqGV
=YnFN
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: