Home
Certification Preparation
Other Security Certifications
Password reset
rob1234
How do you guys deal with password resets where you work?
Trying to think of a good way to ensure the user is who they say they are.
Find more posts tagged with
Comments
JDMurray
Access to your network is granted by only knowing an account name and password? You need to throw one or two other authentication factors in there, such as hard and soft certificates. That way just knowing an account name and password won't grant illicit access to your network.
the_hutch
The best way is physical verfication. Force the user to come on-site to reset their password. If the users are too spread out for this to be convenient, you could have a single appointed agent in each organization/building/etc... to verify the identities of people needing password resets. That person could then send a digitally signed email (using SMIME technology) to the helpdesk to authorize the reset.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
