Security Basics mailing list archives
Re: How to authentificate an user via telephon?
From: "Chris Berry" <compjma () hotmail com>
Date: Thu, 05 Dec 2002 14:27:56 -0800
From: Gene Barlow <btraquer () att net>Currently, I'm in the process of getting approval on a new procedure for doing just that. If approved, we'll write a script that will query the last 4 digits of the users ssn & birthdate against our ERP software. So, for instance, if John Doe calls and requests a password change, we'll ask for the last 4 digits of the ssn and their birthdate, type it in the script, and see if that user's name is returned in the response. If so, we know (hopefully) that the user is who he says he is...
I have to say that I think thats a very insecure authentication method. Our company deals heavily with finding people, and getting information about them, and I can say from experience here that getting someone's SSN and birthdate is a trivial task. You'd be much better off with another system such as the three authenticating questions someone propsed earlier. I also recommend PasswordSafe from www.counterpane.com its a free product that allows you to manage multiple passwords in a secure 448bit blowfish encrypted storage. (that should help your users from forgetting their passwords all the time)
Chris Berry compjma () hotmail com Systems Administrator JM Associates "Live dangerously, overclock your servers." _________________________________________________________________Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail
Current thread:
- Re: How to authentificate an user via telephon?, (continued)
- Re: How to authentificate an user via telephon? Torsten Mueller (Dec 05)
- Re: How to authentificate an user via telephon? Margles Singleton (Dec 04)
- RE: How to authentificate an user via telephon? Champion, Steve (Dec 04)
- RE: How to authentificate an user via telephon? Valter Santos (Dec 05)
- RE: How to authentificate an user via telephon? Brian Cook (Dec 05)
- RE: How to authentificate an user via telephon? Schuler, Jeff (Dec 05)
- RE: How to authentificate an user via telephon? McLaughlin, Bryan (Dec 05)
- AW: How to authentificate an user via telephon? Robert Sieber (Dec 05)
- RE: How to authentificate an user via telephon? Darryl W. Malcolm (Dec 05)
- RE: How to authentificate an user via telephon? Art Tarsha (Dec 05)
- Re: How to authentificate an user via telephon? Chris Berry (Dec 06)
- Re: RE: How to authentificate an user via telephon? Robert Sieber (Dec 06)
- RE: How to authentificate an user via telephon? mario . walter (Dec 06)
- RE: How to authentificate an user via telephon? Gary Turovsky (Dec 06)
- RE: How to authentificate an user via telephon? Mark Medici (Dec 06)
- RE: How to authentificate an user via telephon? Chris Berry (Dec 06)