Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How to authentificate an user via telephon?

From: Matthew McCleary <hayduke () m-mountain com>
Date: Wed, 4 Dec 2002 10:02:02 -0700 (MST)
Robert:

The usual procedure that I've seen with ISP's (and one we will probably
end up using) is to include in the signup documents a security question.
It could be something like "What is your mother's maiden name," or
something really strange like "What was the name of your first childhood
pet," or something similar. Basically, it would be a question that only
the rightful account owner would know the answer to, and provide a
reasonable amount of security for the ISP for legal purposes.

Matthew

__
Matthew S. McCleary, hayduke () socorroisp com
Systems Administrator, Socorro ISP Inc., http://www.socorroisp.com/

On Tue, 3 Dec 2002, Robert Sieber wrote:


Hello colleauges,

imaging the following situation:

User calls the helpdesk to reset/alter some kind
of account-password (NT, RAS, PKI-PIN ...) and you
has to determin wheter the user is the correct
(owner of the account) user. What would you do
to authentificate the users identity?

What are good methodes to do this? It should be
easy for the user but secure for the administration.


Robert

--
http://board.protecus.de - Firewalls, Security and more ...
Previous By Date Next
Previous By Thread Next

Current thread: