Re: Authentication of remote users

["Hunt,Keith A" <keith () UAKRON EDU>]

> -----Original Message-----
> From: Valdis Kletnieks [mailto:Valdis.Kletnieks () VT EDU]
> Sent: Friday, January 04, 2008 5:19 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Authentication of remote users
>
> On Fri, 04 Jan 2008 14:54:05 EST, Joel Rosenblatt said:
>
> > Joking aside, this is a really hard problem to solve and I don't
> think that
> > I've seen a really good answer for this yet.
>
> One needs to keep in mind that perhaps "really good" isn't required
> here, just
> "good enough".  For instance, if the user is "remote" and can't come
in
> person,
> it may very well be "good enough" to get a fax of the ID - although
> that may
> indeed not prove it's the person, it proves the person has possession
> of the
> ID.  And if the real user dropped his wallet somewhere in Rome, what
> are the
> chances that the person who picked it up will have any interest in
> hacking
> into your site?  Remember - we're not talking about a Visa card that
> has some
> rather general usages.
>
> Yes, it's *possible* that the pickpocket in Warsaw is an alumnus who
is
> still
> upset about that failing grade he got 20 years ago and recognizes that
> obtaining an active account is the first step towards hacking in and
> fixing the
> grade he got, but at some point you really have to say "What are the
> *realistic* chances?"...

Quite true, but I am not worried so much about the one who drops her
wallet in Rome. I am more concerned with the one who loses it in the
Student Union or at the local disco.

Keith Hunt  330.972.7968  keith () uakron edu 
Internet & Server Systems 
The University of Akron