Re: How to authentificate an user via telephon?
From: Valter Santos (vsantola@devfusion.net)
Date: 12/05/02
- Previous message: Valter Santos: "RE: How to authentificate an user via telephon?"
- In reply to: Gene Barlow: "Re: How to authentificate an user via telephon?"
- Next in thread: Gene: "Re: How to authentificate an user via telephon?"
- Reply: Gene: "Re: How to authentificate an user via telephon?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Valter Santos <vsantola@devfusion.net> To: Gene Barlow <btraquer@att.net> Date: 05 Dec 2002 17:55:10 +0000
Hello Gene,
but that sollution will fail for a person-target attack... I can find
with little effort the ssn & birthdate of a target person and pretend to
be her/he.
I suppose the callback sollution is better, althought as it flaws 8-(
cheers,
/valter
On Wed, 2002-12-04 at 17:27, Gene Barlow wrote:
> Robert,
>
> Currently, I'm in the process of getting approval on a new procedure
> for doing just that. If approved, we'll write a script that will query
> the last 4 digits of the users ssn & birthdate against our ERP software.
> So, for instance, if John Doe calls and requests a password change,
> we'll ask for the last 4 digits of the ssn and their birthdate, type it
> in the script, and see if that user's name is returned in the response.
> If so, we know (hopefully) that the user is who he says he is...
>
> Hope this helps...
> Gene...
>
> Robert Sieber wrote:
>
> >Hello colleauges,
> >
> >imaging the following situation:
> >
> >User calls the helpdesk to reset/alter some kind
> >of account-password (NT, RAS, PKI-PIN ...) and you
> >has to determin wheter the user is the correct
> >(owner of the account) user. What would you do
> >to authentificate the users identity?
> >
> >What are good methodes to do this? It should be
> >easy for the user but secure for the administration.
> >
> >
> >Robert
> >
>
-- ---..---..---..---..---..---..---..---..---..---..---..---..---- Valter Santos vsantola@devfusion.net ||| http://devfusion.net/~vsantola/keys/ (@ @) ------------------------------------------oOO--(_)--OOo---------
- application/pgp-signature attachment: This is a digitally signed message part
- Next message: Art Tarsha: "RE: How to authentificate an user via telephon?"
- Previous message: Valter Santos: "RE: How to authentificate an user via telephon?"
- In reply to: Gene Barlow: "Re: How to authentificate an user via telephon?"
- Next in thread: Gene: "Re: How to authentificate an user via telephon?"
- Reply: Gene: "Re: How to authentificate an user via telephon?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
