assurance - Re: [Assurance] last question
- From: Tom Scavo <>
- To:
- Subject: Re: [Assurance] last question
- Date: Mon, 12 Nov 2012 14:21:28 -0500 (EST)
> If a Silver credential is compromised, can or should it be reset
> using the compromised credential
If a credential is compromised, it needs to be revoked ASAP, that is, it
should no longer be recognized as a valid authenticator.
> and/or by answering security questions?
I don't believe the IAP gives guidance in the area of password reset (which
is what I think you're asking about) so let me give my opinion FWIW. A
password is only as strong as the password reset mechanism that goes along
with it. Recent events on the open Internet have clearly demonstrated that
the Bad Guy, when confronted with a strong authenticator, turns his/her
attention to the password reset process using social engineering tactics.
Tom