> Oggetto: Re: Methods for distributing pas > > > That seems rather insecure. What if (s)he's left the mobile somewhere and > didn't realize it? Someone could pick it up and then would have the > password. True, but wouldn't the one who picked up the mobile still need other pieces of information to use it (username, dial-in number or physical location of the terminal) ?
What we did in a company I worked for some years ago, was authenticating a person via voice with three random personal questions (the answers had been previously asked at user's registration) like mother's maiden name, date of birth, place of birth, and the like. If you replied with no esitation at those three questions you would get your password directly from the help desk operator (and it was a one time password forced to be changed at first logon). My 0.02 Euros :-) worth. -- Alessandro Bottonelli Owner of www.axis-net.it (italian only)
