assurance - RE: [Assurance] Bronze password reset
Subject: Assurance
List archive
- From: "Cantor, Scott" <>
- To: "" <>
- Subject: RE: [Assurance] Bronze password reset
- Date: Mon, 12 Jan 2015 15:16:26 +0000
- Accept-language: en-US
- Authentication-results: spf=pass (sender IP is 164.107.81.210) ;
> I'm wondering now if the sort-of defacto industry standard of having a few
> pre-registered questions... your favorite color, name of your first pet,
> favorite relatives name, city where you were born... is that reasonable
> care?
Probably. But I think the underlying point is that if you assume *no*
knowledge of the person, then if these typical measures fail as they
sometimes will, there's literally no way to safely recover the account, even
if the person shows up in person with ID.
But in actual practice, we *do* tend to assume some binding to a person, even
if it's weak or implicit, and we do fall back to that if remote reset doesn't
work. We don't just throw away non-guest accounts and force somebody to get a
new one if they're an affiliate.
But none of that is codified in Bronze. I guess the real underlying question
is whether it's enough to just say "reasonable care". I suspect that's in
keeping with the idea of an unaudited assurance level.
-- Scott
- [Assurance] Bronze password reset, Eric Goodman, 01/08/2015
- Re: [Assurance] Bronze password reset, David Walker, 01/09/2015
- Re: [Assurance] Bronze password reset, Eric Goodman, 01/09/2015
- RE: [Assurance] Bronze password reset, Michael W. Brogan, 01/10/2015
- RE: [Assurance] Bronze password reset, Capehart,Jeffrey D, 01/12/2015
- RE: [Assurance] Bronze password reset, Cantor, Scott, 01/12/2015
- Re: [Assurance] Bronze password reset, David Walker, 01/12/2015
- RE: [Assurance] Bronze password reset, Jones, Mark B, 01/12/2015
- RE: [Assurance] Bronze password reset, Cantor, Scott, 01/12/2015
- Re: [Assurance] Bronze password reset, David Walker, 01/12/2015
- RE: [Assurance] Bronze password reset, Jones, Mark B, 01/13/2015
- Re: [Assurance] Bronze password reset, David Walker, 01/13/2015
- Re: [Assurance] Bronze password reset, David Walker, 01/12/2015
- RE: [Assurance] Bronze password reset, Cantor, Scott, 01/12/2015
- RE: [Assurance] Bronze password reset, Capehart,Jeffrey D, 01/12/2015
- RE: [Assurance] Bronze password reset, Eric Goodman, 01/13/2015
- RE: [Assurance] Bronze password reset, Michael W. Brogan, 01/10/2015
- Re: [Assurance] Bronze password reset, Eric Goodman, 01/09/2015
- Re: [Assurance] Bronze password reset, David Walker, 01/09/2015
Archive powered by MHonArc 2.6.16.