Re: How to authenticate an user via telephone?

From: Scott_Miller@progressive.com
Date: 12/05/02

  • Next message: Chris Berry: "Re: How to authentificate an user via telephon?"
    To: "Marc Cuypers" <m.cuypers@pandora.be>
    From: Scott_Miller@progressive.com
    Date: Thu, 5 Dec 2002 12:58:21 -0500
    
    

    We use a automated process at Progressive to reset password.
    Voice Vault is the company who make it.
    The user calls a number and then repeat a series of numbers in different
    order for the voice recognition.
    The software then changes the password and then tells the user.

                                                                                                                                          
                          "Marc Cuypers"
                          <m.cuypers@pando To: <security-basics@lists.securityfocus.com>
                          ra.be> cc:
                                                   Subject: Re: How to authentificate an user via telephon?
                          12/04/2002 12:44
                          PM
                                                                                                                                          
                                                                                                                                          

    > Hello colleauges,
    >
    > imaging the following situation:
    >
    > User calls the helpdesk to reset/alter some kind
    > of account-password (NT, RAS, PKI-PIN ...) and you
    > has to determin wheter the user is the correct
    > (owner of the account) user. What would you do
    > to authentificate the users identity?
    >
    > What are good methodes to do this? It should be
    > easy for the user but secure for the administration.
    >
    >
    > Robert
    >
    Helpdesk calls user back at a known telephone number (could be a mobile
    number).

    Marc



    Relevant Pages

    • reset password/change at next logon
      ... if your helpdesk staff cannot be ... procedures (including disciplinary action). ... >We have delegated the 'reset password' authority to our ... >the box that says 'user must change password at next ...
      (microsoft.public.win2000.security)
    • reset password/change at next logon
      ... We have delegated the 'reset password' authority to our helpdesk. ... they are abusing this function by changing the password but NOT checking ... the box that says 'user must change password at next logon'. ...
      (microsoft.public.win2000.security)
    • ADAM: How to delegate specific admin rights
      ... ADAM has built-roles - Administrators, Readers, Users. ... to specific delegate rights for Helpdesk to manage some of the ... Of interest is Reset Password, ... Adding a Helpdesk staff to ADAM's Administrators is too drastic, ...
      (microsoft.public.windows.server.active_directory)
    • Active Directory Taskpad Refresh
      ... I have created a taskpad for the helpdesk. ... them only properties, reset password, and disable ... accounts. ...
      (microsoft.public.win2000.active_directory)