Educause Security Discussion mailing list archives
Re: Authentication of remote users
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 4 Jan 2008 17:18:46 -0500
On Fri, 04 Jan 2008 14:54:05 EST, Joel Rosenblatt said:
Joking aside, this is a really hard problem to solve and I don't think that I've seen a really good answer for this yet.
One needs to keep in mind that perhaps "really good" isn't required here, just "good enough". For instance, if the user is "remote" and can't come in person, it may very well be "good enough" to get a fax of the ID - although that may indeed not prove it's the person, it proves the person has possession of the ID. And if the real user dropped his wallet somewhere in Rome, what are the chances that the person who picked it up will have any interest in hacking into your site? Remember - we're not talking about a Visa card that has some rather general usages. Yes, it's *possible* that the pickpocket in Warsaw is an alumnus who is still upset about that failing grade he got 20 years ago and recognizes that obtaining an active account is the first step towards hacking in and fixing the grade he got, but at some point you really have to say "What are the *realistic* chances?"...
Attachment:
_bin
Description:
Current thread:
- Re: Authentication of remote users, (continued)
- Re: Authentication of remote users charlie derr (Jan 03)
- Re: Authentication of remote users Roger Safian (Jan 03)
- Re: Authentication of remote users Cal Frye (Jan 03)
- Re: Authentication of remote users Doug Markiewicz (Jan 04)
- Re: Authentication of remote users Doug Markiewicz (Jan 04)
- Re: Authentication of remote users Gary Flynn (Jan 04)
- Re: Authentication of remote users Hunt,Keith A (Jan 04)
- Re: Authentication of remote users Joel Rosenblatt (Jan 04)
- Re: Authentication of remote users Gary Flynn (Jan 04)
- Re: Authentication of remote users Joel Rosenblatt (Jan 04)
- Re: Authentication of remote users Valdis Kletnieks (Jan 04)
- Re: Authentication of remote users Hunt,Keith A (Jan 04)
- Re: Authentication of remote users Jim Dillon (Jan 04)
- Re: Authentication of remote users Joel Rosenblatt (Jan 04)
- Re: Authentication of remote users Valdis Kletnieks (Jan 04)