Assurance

[Benn Oshrin <>]

On 2/11/13 11:56 PM, Cantor, Scott wrote:
> On 2/11/13 11:54 PM, "Benn Oshrin" 
> <>
> wrote:
>
> > KBA seems a reasonable approach, but will it be considered acceptable
> > for Bronze compliance? Perhaps this is a good candidate for the
> > "alternative means" process.
>
> Last I knew, KBA even works for Silver.

The IAPs allow for "correct answers to pre-registered personalized 
questions designed to be difficult for any other person to know" 
(§4.2.4.3), but Arlene seems to be suggesting a further step if the 
secret questions fail[1]:

On 2/11/13 7:36 PM, Arlene Allen wrote:
> If they don't remember the secret questions anymore, then they must
> interact with our identity help function. This is all done on the web
> and we don't force the optional pathway of responding to an email
> sent to the address of record.

What does the "identity help function" entail?

Thanks,

-Benn-

[1] Which is the scenario I'm interested in -- what if you can't reset 
your password because your address of record is no longer valid and you 
don't have/forgot your questions? For Silver, you can re-proof your 
identity, but for Bronze there is no specific proofing required, so 
there's no (approved) way to re-claim your identity.

To draw the comparison to Google... this is the equivalent of the splash 
page that asks you for a phone number or alternate email address. 
Without them, you can't reset your Google password if you forget it.