Re: RE: How to authentificate an user via telephon?
From: Robert Sieber (rsieber@web.de)
Date: 12/06/02
- Previous message: Hasnain Atique: "Re: Preventing DHCP from allocating IPs"
- Maybe in reply to: Art Tarsha: "RE: How to authentificate an user via telephon?"
- Next in thread: Chris Berry: "Re: How to authentificate an user via telephon?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 6 Dec 2002 07:51:05 +0100 From: Robert Sieber <rsieber@web.de> To: security-basics@lists.securityfocus.com
Darryl,
the Programm PasswordStation sounds really great - if the costumer have a single sign on it would be the best solution!
Robert
"Darryl W. Malcolm" <DMalcolm@acuent.com> schrieb am 05.12.02 23:26:23:
> Avatier has a product which would allow users to reset their own passwords
>
> -----Original Message-----
> From: Robert Sieber [mailto:rsieber@web.de]
> Sent: Wednesday, December 04, 2002 1:51 PM
> To: security-basics@lists.securityfocus.com
> Subject: AW: How to authentificate an user via telephon?
>
>
> Thanks for all replies!
>
> For me it ist a very hard question because I don't
> know where all of the up to 20.000 clients are
> located - there are also RAS users with tokens
> ode PKI chipcards. The other problem is that all
> clients are employed by bank institutes and so
> passwords are more critical than in other cases
>
> I thought about th following procedurs:
>
> - help desk has two telephone numbers
> - the client will get a call back from help
> desk
>
> Well, lets see.
>
> Robert
>
> > -----Ursprungliche Nachricht-----
> > Von: bsm14096@ad.creighton.edu [mailto:bsm14096@ad.creighton.edu]
> > Gesendet: Mittwoch, 4. Dezember 2002 18:43
> > An: Robert Sieber; security-basics@lists.securityfocus.com
> > Betreff: RE: How to authentificate an user via telephon?
> >
> >
> > Robert,
> >
> > In a past life we would send the new password to a known email address
> > for the person whose account is reset. If email is not available we
> > would leave the reset password on the users voice mail. Both systems
> > would only be accessible by the person whose account is reset. If
> > someone other than the owner of the account requests a reset, the
> > account is still safe, assuming email and vmail are secure.
> >
> > Bryan
> >
> > -----Original Message-----
> > From: Robert Sieber [mailto:rsieber@web.de]
> > Sent: Tuesday, December 03, 2002 12:50 PM
> > To: security-basics@lists.securityfocus.com
> > Subject: How to authentificate an user via telephon?
> >
> > Hello colleauges,
> >
> > imaging the following situation:
> >
> > User calls the helpdesk to reset/alter some kind
> > of account-password (NT, RAS, PKI-PIN ...) and you
> > has to determin wheter the user is the correct
> > (owner of the account) user. What would you do
> > to authentificate the users identity?
> >
> > What are good methodes to do this? It should be
> > easy for the user but secure for the administration.
> >
> >
> > Robert
> >
> > --
> > http://board.protecus.de - Firewalls, Security and more ...
> >
> >
> >
> >
> >
______________________________________________________________________________
Wie ware das: mehrere E-Mail Adressen - aber nur ein Postfach ?
Kein Problem mit WEB.DE FreeMail - http://freemail.web.de/features/?mc=021127
- Next message: CTillett@harcourt.com: "RE: Preventing DHCP from allocating IPs"
- Previous message: Hasnain Atique: "Re: Preventing DHCP from allocating IPs"
- Maybe in reply to: Art Tarsha: "RE: How to authentificate an user via telephon?"
- Next in thread: Chris Berry: "Re: How to authentificate an user via telephon?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
