Assurance

[Tom Scavo <>]

> The credential reset process doesn't need to be the same as
> the initial credentialing process, it just has to meet the same IAP
> criteria. Once the IdPO has a relationship with someone, they can
> leverage additional information to facilitate later resets. For
> example, a cell phone number could be verified during the initial
> process and used to transmit a short-term token as part of a reset
> process without needing face-to-face interaction.

This is precisely what we do except the phone need not be a cell phone, and 
in fact we prefer it NOT to be a cell phone. Here's a demo:

http://youtu.be/Kod8Lu2QBF4

There are two "addresses of record" involved, an email address and a phone 
number. In other words, it's a two-factor password reset process. We're 
rolling this out as we speak.

Tom