At 01:54 PM 2/5/2003 -0600, you wrote: >We have a sensitive site that requires that we know WHO is on the site and >that the information that have given us is valid. > >I know the best way to accomplish this would be to phone verify each >person, but this is labor intensive and cost prohibitive. > >Currently our system requires that the system assigns the password and >sends the password via email to the member. This is ok, but it is so easy >for people to get hotmail accounts that it isn't the best way. > >What are some of the ways that you all have used to validate/verify a user >and who they are?!
Depends on how far you want to go with it. Even a phone call could be faked. You could extend the email-the-pw thing a bit... when the user registers, have them fill out various bits of info (residence, phone, secret work, etc) and when the user comes back with his freshly emailed random pw, ask for one (or more) of these bits of info in addition to the pw. But in the end, you still don't know that the guy signing up as Joe Sixpack, with [EMAIL PROTECTED], is really who he represents himself to be. You could be really anal and require them to fax you some photocopy of ID (license or whatever) and have a human check these and flag these accounts as ok - but someone could have mugged Joe and took his wallet. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
