Educause Security Discussion mailing list archives
Re: Authentication of remote users
From: Scott Fendley <scottf () UARK EDU>
Date: Thu, 3 Jan 2008 12:03:01 -0600
Ooooo. That is a loaded question. I have seen two different ways that banks have done this. 1) Ask you questions about bank account such as a check # and amount. 2) Ask you which branch you visit most often and ship you off there to be authenticated by a teller who is most likely to know you from the number of visits you make. (My bank makes their tellers learn their customer's names within 2 visits so hopefully they will know you are called Stef versus Stephanie and make you willing to come back again.) Both of these have faults to them and haven't had occasion to test them in the past few years to see if they have another alternative should you need access to your money and can't go through normal procedures like visiting your local branch with photo id. Scott At 11:43 AM 1/3/2008, Robert Paterson wrote:
How does your bank? Best, Rob Dr. Robert Paterson Chief Information Officer Salem State College Salem MA 01970 robert.paterson () salemstate edu 978-542-6446 >>> On 1/3/2008 at 12:40 PM, in message <477D1E2B.5060100 () jmu edu>, Gary Flynn <flynngn () JMU EDU> wrote: Lets say you have a user that: 1) forgot their password 2) forgot their answers to their secret question(s) 3) is traveling making visiting the helpdesk impossible Lets also say asking for last four digits of SSN is not allowed. How do you authenticate the identity of the user and allow them to change their password? -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Current thread:
- Authentication of remote users Gary Flynn (Jan 03)
- <Possible follow-ups>
- Re: Authentication of remote users Robert Paterson (Jan 03)
- Re: Authentication of remote users Cal Frye (Jan 03)
- Re: Authentication of remote users Bob Bayn (Jan 03)
- Re: Authentication of remote users Scott Fendley (Jan 03)
- Re: Authentication of remote users Kees Leune (Jan 03)
- Re: Authentication of remote users Christopher Webber (Jan 03)
- Re: Authentication of remote users Dave Mueller (Jan 03)
- Re: Authentication of remote users Hunt,Keith A (Jan 03)
- Re: Authentication of remote users Andrea Beesing (Jan 03)
- Re: Authentication of remote users Robert Paterson (Jan 03)
- Re: Authentication of remote users Scott Koger (Jan 03)
- Re: Authentication of remote users Tom Peterson (Jan 03)
- Re: Authentication of remote users Chris Vakhordjian (Jan 03)
- Re: Authentication of remote users Joel Rosenblatt (Jan 03)
(Thread continues...)