Re: [bitfolk] IP address at Nominet's nameservers is wrong

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MJon Agland at <-
MMathew Newton at ->

Reply to this message
Author: Ian
Date:  
Subject: Re: [bitfolk] IP address at Nominet's nameservers is wrong
ir
> password.
>
> If it had been you in the customer's position would you have
> considered that reasonable?
>
> If you have disabled email password reset, are you comfortable with
> this being circumvented by someone who is able to present a
> convincing image of a utility bill to support@??? (mailto:support@bitfolk.com)?
>
> Perhaps you can offer some guidelines for how this should be dealt
> with in future so that there can be a consistent response.
>
> Suggestions revolving around the customer identifying themselves
> using public key crypto (PGP keys, SSH keys) are fine but do bear in
> mind that most customers have not presented either a PGP nor SSH key
> to me, and that would have to be done before it was actually needed.
>
> I could require that an SSH and/or PGP key be uploaded to the panel
> before the panel allows you to disable email password resets, though
> there would still need to be a plan in place for the inevitable case
> where the customer claims to no longer have access to any of the
> keys they have uploaded.
>
> Cheers,
> Andy
>
> --
> http://bitfolk.com/ -- No-nonsense VPS hosting
>
> _______________________________________________
> users mailing list
> users@??? (mailto:users@lists.bitfolk.com)
> https://lists.bitfolk.com/mailman/listinfo/users
>
>



--4ff8656c_b37e80a_8726
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline 


                <div>What about a scan of a government-issued ID (eg pass=
port/driver's license), and perhaps a quick Skype video call to prove tha=
t I actually had said document in my possession (as opposed to just havin=
g an image file which could have been)=3F</div><div><div><div><div>--&nbs=
p;<br>Aaron B. Russell<br></div><div>http://unadopted.co.uk</div><div>+44=
 20 3137 4147</div></div></div></div>
                =20
                <p style=3D=22color: =23A0A0A8;=22>On Saturday, July 7, 2=
012 at 2:05pm, Andy Smith wrote:</p>
                <blockquote type=3D=22cite=22 style=3D=22border-left-styl=
e:solid;border-width:1px;margin-left:0px;padding-left:10px;=22>
                    <span><div><div><div>Hello,</div><div><br></div><div>=
Today a customer popped up on IRC saying that they had broken their</div>=
<div>VPS and couldn't remember their account details in order to use the<=
/div><div>console / rescue VM.</div><div><br></div><div>Unfortunately the=
y had also at some point in the past disabled</div><div>email password re=
set, so they were unable to regain access.</div><div><br></div><div>My co=
ncern at that point was that since they had previously disabled</div><div=

>email password reset they were obviously security-conscious, so I</div><=
div>did not feel comfortable resetting their password and giving it out</=
div><div>to them over IRC.</div><div><br></div><div>Of c
This message was posted to the following mailing lists:
users
Mailing List Info | Nearby Messages		<-Re: [bitfolk] DNS hiccupsRe: [bitfolk] IP address at Nominet's nameservers is wrong->
Bitfolk Mailing List Archive administrated by List AdminLurker (version 2.3)