Password reset

rob1234rob1234 Banned Posts: 151
in Other Security Certifications
How do you guys deal with password resets where you work?

Trying to think of a good way to ensure the user is who they say they are.
· Share on FacebookShare on Twitter

Comments

  • JDMurrayJDMurray Admin Posts: 13,091 Admin
    Access to your network is granted by only knowing an account name and password? You need to throw one or two other authentication factors in there, such as hard and soft certificates. That way just knowing an account name and password won't grant illicit access to your network.
    Forum Admin at www.techexams.net
    --
    Credly
    LinkedIn
    Twitter
    · Share on FacebookShare on Twitter
  • the_hutchthe_hutch Banned Posts: 827
    The best way is physical verfication. Force the user to come on-site to reset their password. If the users are too spread out for this to be convenient, you could have a single appointed agent in each organization/building/etc... to verify the identities of people needing password resets. That person could then send a digitally signed email (using SMIME technology) to the helpdesk to authorize the reset.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.