mailing list archives
Re: How to authentificate an user via telephon?
From: "kawaii" <trunks () stackers org>
Date: Wed, 4 Dec 2002 12:00:03 -0500
From: "Robert Sieber" <rsieber () web de>
Sent: Tuesday, December 03, 2002 13:50
imaging the following situation:
User calls the helpdesk to reset/alter some kind
of account-password (NT, RAS, PKI-PIN ...) and you
has to determin wheter the user is the correct
(owner of the account) user. What would you do
to authentificate the users identity?
What are good methodes to do this? It should be
easy for the user but secure for the administration.
The ways that I've seen are:
1) Have an authenticated user email/call in for the person with the lost
2) Have a secure question that is created by the user (ie: when the user
registers for the account, he also submits three personal questions for
3) Have a PIN/password be used for authentication, with which they can then
change/review their other accts/passwords.
Ever lovable and always scrappy,
"Cunnilingus and psychiatry brought us to this." - Tony Soprano