assurance - RE: [Assurance] Password reset process: Flogging the dead horse
Subject: Assurance
List archive
- From: Eric Goodman <>
- To: "" <>
- Subject: RE: [Assurance] Password reset process: Flogging the dead horse
- Date: Wed, 7 Aug 2013 23:31:06 +0000
- Accept-language: en-US
|
> The above process is exactly what UChicago has submitted to our auditors
> for InCommon Silver. Though we offer delivery of the secret over SMS
>
in addition to email. Thanks, and yes for purposes of this question, I’d think email, SMS and snail mail are roughly equivalent.
We also discussed whether calling a pre-registered phone number directly and talking to the individual would count, and similarly if the incoming caller ID
number matching a pre-registered number would suffice (i.e., if I call from my registered number and say “give me a temporary password”, could the help desk just do so based on having validated your registered phone number?)
--- Eric |
- [Assurance] Password reset process: Flogging the dead horse, Eric Goodman, 08/07/2013
- Re: [Assurance] Password reset process: Flogging the dead horse, David Langenberg, 08/07/2013
- RE: [Assurance] Password reset process: Flogging the dead horse, Eric Goodman, 08/07/2013
- Re: [Assurance] Password reset process: Flogging the dead horse, David Langenberg, 08/07/2013
- RE: [Assurance] Password reset process: Flogging the dead horse, Jones, Mark B, 08/08/2013
- Re: [Assurance] Password reset process: Flogging the dead horse, David Langenberg, 08/08/2013
- RE: [Assurance] Password reset process: Flogging the dead horse, Eric Goodman, 08/07/2013
- <Possible follow-up(s)>
- Re: [Assurance] Password reset process: Flogging the dead horse, Joe St Sauver, 08/07/2013
- Re: [Assurance] Password reset process: Flogging the dead horse, David Langenberg, 08/07/2013
Archive powered by MHonArc 2.6.16.