Educause Security Discussion mailing list archives
Re: Authentication of remote users
From: Kees Leune <LEUNE () ADELPHI EDU>
Date: Thu, 3 Jan 2008 13:26:53 -0500
On 1/3/2008 at 12:54 PM, in message <01MPNK1PXU5Y8ZE3RK () cc usu edu>, Bob Bayn
<Bob.Bayn () USU EDU> wrote:
Lets say you have a user that: 1) forgot their password 2) forgot their answers to their secret question(s) 3) is traveling making visiting the helpdesk impossible Lets also say asking for last four digits of SSN is not allowed. How do you authenticate the identity of the user and allow them to change their password?We require a familiar voice on the phone, possibly involving an on-campus co-worker. For instance, Prof X calls from Ublickistan to his dept secretary Sally who makes a conference call to the ServiceDesk. The phone at the servicedesk shows that the call is from sally's office and we know sally because she calls us several times a week with computer problems.
How do you go about authenticating students with lost credentials? Obviously, the known-coworker approach does not work there. We are now considering letting them register an alternative email address to which we will send a one-time use password reset token. Thanks, -Kees
Current thread:
- Authentication of remote users Gary Flynn (Jan 03)
- <Possible follow-ups>
- Re: Authentication of remote users Robert Paterson (Jan 03)
- Re: Authentication of remote users Cal Frye (Jan 03)
- Re: Authentication of remote users Bob Bayn (Jan 03)
- Re: Authentication of remote users Scott Fendley (Jan 03)
- Re: Authentication of remote users Kees Leune (Jan 03)
- Re: Authentication of remote users Christopher Webber (Jan 03)
- Re: Authentication of remote users Dave Mueller (Jan 03)
- Re: Authentication of remote users Hunt,Keith A (Jan 03)
- Re: Authentication of remote users Andrea Beesing (Jan 03)
- Re: Authentication of remote users Robert Paterson (Jan 03)
- Re: Authentication of remote users Scott Koger (Jan 03)
- Re: Authentication of remote users Tom Peterson (Jan 03)
- Re: Authentication of remote users Chris Vakhordjian (Jan 03)
- Re: Authentication of remote users Joel Rosenblatt (Jan 03)
- Re: Authentication of remote users Roger Safian (Jan 03)
(Thread continues...)