Robert:
The usual procedure that I've seen with ISP's (and one we will probably
end up using) is to include in the signup documents a security question.
It could be something like "What is your mother's maiden name," or
something really strange like "What was the name of your first childhood
pet," or something similar. Basically, it would be a question that only
the rightful account owner would know the answer to, and provide a
reasonable amount of security for the ISP for legal purposes.
Matthew
__
Matthew S. McCleary, hayduke_at_socorroisp.com
Systems Administrator, Socorro ISP Inc., http://www.socorroisp.com/
On Tue, 3 Dec 2002, Robert Sieber wrote:
> Hello colleauges,
>
> imaging the following situation:
>
> User calls the helpdesk to reset/alter some kind
> of account-password (NT, RAS, PKI-PIN ...) and you
> has to determin wheter the user is the correct
> (owner of the account) user. What would you do
> to authentificate the users identity?
>
> What are good methodes to do this? It should be
> easy for the user but secure for the administration.
>
>
> Robert
>
> --
> http://board.protecus.de - Firewalls, Security and more ...
>
>
>
>
Received on Dec 04 2002
Intro
