Robert: The usual procedure that I've seen with ISP's (and one we will probably end up using) is to include in the signup documents a security question. It could be something like "What is your mother's maiden name," or something really strange like "What was the name of your first childhood pet," or something similar. Basically, it would be a question that only the rightful account owner would know the answer to, and provide a reasonable amount of security for the ISP for legal purposes.
Matthew __ Matthew S. McCleary, [EMAIL PROTECTED] Systems Administrator, Socorro ISP Inc., http://www.socorroisp.com/ On Tue, 3 Dec 2002, Robert Sieber wrote: > Hello colleauges, > > imaging the following situation: > > User calls the helpdesk to reset/alter some kind > of account-password (NT, RAS, PKI-PIN ...) and you > has to determin wheter the user is the correct > (owner of the account) user. What would you do > to authentificate the users identity? > > What are good methodes to do this? It should be > easy for the user but secure for the administration. > > > Robert > > -- > http://board.protecus.de - Firewalls, Security and more ... > > > >
