Security Basics mailing list archives
RE: How to authentificate an user via telephon?
From: "Brian Cook" <BrianM.Cook () trcinc com>
Date: Wed, 4 Dec 2002 12:38:56 -0500
most corporate helpdesks i'm aware of have used either the user's employee number or, where applicable, badge/ID number. where i am, i have the luxury of knowing my coworkers by sight and voice, so when they ask me for a reset, i know who i'm dealing with. (advances in cloning technology may obsolete this method, however...) my personal preference is to establish with the user a confirmation code/phrase which is tied to their login (stored in an IT-only database or tied into active direcotry's structure). somewhat analogous to another poster's "security question" used with ISPs. as a very last resort, faxing identification would work as well, though it'd be tedious and a lot more hassle than the above method. cheers, --bmc -----Original Message----- From: Robert Sieber [mailto:rsieber () web de] Sent: Tuesday, December 03, 2002 7:50 PM To: security-basics () lists securityfocus com Subject: How to authentificate an user via telephon? Hello colleauges, imaging the following situation: User calls the helpdesk to reset/alter some kind of account-password (NT, RAS, PKI-PIN ...) and you has to determin wheter the user is the correct (owner of the account) user. What would you do to authentificate the users identity? What are good methodes to do this? It should be easy for the user but secure for the administration. Robert -- http://board.protecus.de - Firewalls, Security and more ...
Current thread:
- Re: How to authentificate an user via telephon?, (continued)
- Re: How to authentificate an user via telephon? James W. Meritt (Dec 05)
- Re: How to authentificate an user via telephon? Marc Cuypers (Dec 05)
- Re: How to authentificate an user via telephon? J . Reilink (Dec 05)
- Re: How to authentificate an user via telephon? Richard Caley (Dec 05)
- Message not available
- Re: Switch and Hub Testing Project Julian Young (Dec 09)
- RE: How to authentificate an user via telephon? Bent.Mathiesen (Dec 04)
- Re: How to authentificate an user via telephon? Torsten Mueller (Dec 05)
- Re: How to authentificate an user via telephon? Margles Singleton (Dec 04)
- RE: How to authentificate an user via telephon? Champion, Steve (Dec 04)
- RE: How to authentificate an user via telephon? Valter Santos (Dec 05)
- RE: How to authentificate an user via telephon? Brian Cook (Dec 05)
- RE: How to authentificate an user via telephon? Schuler, Jeff (Dec 05)
- RE: How to authentificate an user via telephon? McLaughlin, Bryan (Dec 05)
- AW: How to authentificate an user via telephon? Robert Sieber (Dec 05)
- RE: How to authentificate an user via telephon? Darryl W. Malcolm (Dec 05)
- RE: How to authentificate an user via telephon? Art Tarsha (Dec 05)
- Re: How to authentificate an user via telephon? Chris Berry (Dec 06)
- Re: RE: How to authentificate an user via telephon? Robert Sieber (Dec 06)
- RE: How to authentificate an user via telephon? mario . walter (Dec 06)
- RE: How to authentificate an user via telephon? Gary Turovsky (Dec 06)
- RE: How to authentificate an user via telephon? Mark Medici (Dec 06)