Security Basics mailing list archives

RE: How to authentificate an user via telephon?

From: "Gary Turovsky" <GTurovsky () tpgstaffing com>
Date: Fri, 6 Dec 2002 11:30:29 -0600

I have to say that I think thats a very insecure 
authentication method.  Our 
company deals heavily with finding people, and getting 
information about 
them, and I can say from experience here that getting 
someone's SSN and 
birthdate is a trivial task.  You'd be much better off with 
another system 
such as the three authenticating questions someone propsed 
earlier.  I also 
recommend PasswordSafe from www.counterpane.com its a free 
product that 
allows you to manage multiple passwords in a secure 448bit blowfish 
encrypted storage. (that should help your users from forgetting their 
passwords all the time)


Except when they forget the passphrase for their encrypted passwords :)

Current thread:

RE: How to authentificate an user via telephon?, (continued)
- - RE: How to authentificate an user via telephon? Valter Santos (Dec 05)
- RE: How to authentificate an user via telephon? Brian Cook (Dec 05)
- RE: How to authentificate an user via telephon? Schuler, Jeff (Dec 05)
- RE: How to authentificate an user via telephon? McLaughlin, Bryan (Dec 05)
  - AW: How to authentificate an user via telephon? Robert Sieber (Dec 05)
- RE: How to authentificate an user via telephon? Darryl W. Malcolm (Dec 05)
- RE: How to authentificate an user via telephon? Art Tarsha (Dec 05)
- Re: How to authentificate an user via telephon? Chris Berry (Dec 06)
- Re: RE: How to authentificate an user via telephon? Robert Sieber (Dec 06)
- RE: How to authentificate an user via telephon? mario . walter (Dec 06)
- RE: How to authentificate an user via telephon? Gary Turovsky (Dec 06)
- RE: How to authentificate an user via telephon? Mark Medici (Dec 06)
- RE: How to authentificate an user via telephon? Chris Berry (Dec 06)