- use callback to their office phone, leaving the new password on their VM - that will eliminate a random person picking up the phone
- give the helpdesk phones that identify the phone number calling - not as secure, but may be an option depending upon the environment - develop a database of Qs to authenticate - similar to mother's maiden name or social security number when you call your credit card company. >>> "Robert Sieber" <[EMAIL PROTECTED]> 12/03/02 12:50PM >>> Hello colleauges, imaging the following situation: User calls the helpdesk to reset/alter some kind of account-password (NT, RAS, PKI-PIN ...) and you has to determin wheter the user is the correct (owner of the account) user. What would you do to authentificate the users identity? What are good methodes to do this? It should be easy for the user but secure for the administration. Robert -- http://board.protecus.de - Firewalls, Security and more ...
