Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: How to authentificate an user via telephon?

From: "McLaughlin, Bryan" <bsm14096 () ad creighton edu>
Date: Wed, 4 Dec 2002 11:42:57 -0600
Robert,

In a past life we would send the new password to a known email address
for the person whose account is reset. If email is not available we
would leave the reset password on the users voice mail.  Both systems
would only be accessible by the person whose account is reset.  If
someone other than the owner of the account requests a reset, the
account is still safe, assuming email and vmail are secure.

Bryan

-----Original Message-----
From: Robert Sieber [mailto:rsieber () web de] 
Sent: Tuesday, December 03, 2002 12:50 PM
To: security-basics () lists securityfocus com
Subject: How to authentificate an user via telephon?

Hello colleauges,

imaging the following situation:

User calls the helpdesk to reset/alter some kind
of account-password (NT, RAS, PKI-PIN ...) and you 
has to determin wheter the user is the correct 
(owner of the account) user. What would you do
to authentificate the users identity?

What are good methodes to do this? It should be
easy for the user but secure for the administration.


Robert

-- 
http://board.protecus.de - Firewalls, Security and more ...
Previous By Date Next
Previous By Thread Next

Current thread: