assurance - Re: [Assurance] bootstrapping into 2-factor ....
Subject: Assurance
List archive
- From: Tom Golson <>
- To:
- Subject: Re: [Assurance] bootstrapping into 2-factor ....
- Date: Thu, 29 May 2014 15:15:43 -0500
If it's for the purpose of "assurance", we're requiring an in-person process. If it's just something someone wants to add and hopefully make their account more secure, but we're not going make any statement about that binding, then we accept that there isn't a cost-effective way to solve the problem for large populations.
But now that you've asked the question, I'm curious to hear if anyone is taking a different approach.
--Tom
On Thu, May 29, 2014 at 3:09 PM, Steven Carmody <> wrote:
Hi,
We're in the process of evaluating, moving toward deploying two-factor for some applications. We'll probably end up TXTing a code to people's phones.
Its now occurred to us that we should require stronger authN when someone wants to edit their mobile phone number.
We're wondering what other sites have done to bootstrap themselves into the situation where someone MUST have already entered a mobile phone number so they can edit their mobile number ...
what's the best practice to get someone started down this road ?
- [Assurance] bootstrapping into 2-factor ...., Steven Carmody, 05/29/2014
- Re: [Assurance] bootstrapping into 2-factor ...., Tom Golson, 05/29/2014
- Re: [Assurance] bootstrapping into 2-factor ...., David Langenberg, 05/29/2014
- Re: [Assurance] bootstrapping into 2-factor ...., Tom Scavo, 05/29/2014
Archive powered by MHonArc 2.6.16.