Hi Robert
There are a lot of scenarios.
However, for the "ups, I typed wrong 3x in a row", I have seen the
following solution:
A voice-recognition system, where you can call a system and through a
menu and auto generated number sequence (that need to be repeated with
your voice) can reset your account. Work 24/7 - if you want.
Other solution, call superusers ?
Best regards
Bent
-----Original Message-----
From: Robert Sieber [mailto:rsieber_at_web.de]
Sent: Tuesday, December 03, 2002 7:50 PM
To: security-basics_at_lists.securityfocus.com
Subject: How to authentificate an user via telephon?
Hello colleauges,
imaging the following situation:
User calls the helpdesk to reset/alter some kind
of account-password (NT, RAS, PKI-PIN ...) and you
has to determin wheter the user is the correct
(owner of the account) user. What would you do
to authentificate the users identity?
What are good methodes to do this? It should be
easy for the user but secure for the administration.
Robert
--
http://board.protecus.de - Firewalls, Security and more ...
Received on Dec 04 2002
Intro
