Date: Sat, 7 Jul 2012 18:13:53 +0100
From: "Aaron B. Russell" <aaron@???>
To: Andy Smith <andy@???>
Cc: users@???
Subject: Re: [bitfolk] Proving that you are you
List-Id: Users of BitFolk hosting <users.lists.bitfolk.com>

> So are you saying that if
>
> - YOU had disabled the password reset, and
> - YOUR service were down, and
> - you were communicating with me via email (possibly from a
>   different email address to the one in our database)
>
> YOU would not want me to reset your account password based on an
> image of a utility bill, but would insist upon a government ID that
> I recognise?

Well my concern with a utility bill is that they're reasonably easily faked… it's not hard to do a Google Image Search for "gas bill", then edit the relevant parts in your favourite image editor.

> Also what would be your suggestion regarding government IDs that I
> don't recognise (not all customers are from the UK)?

I have to admit I'd not considered the non-UK side of things. That would definitely be a problem with the approach I'd suggested, as it'd be unreasonable to expect you to have an encyclopaedic knowledge of every possible government ID out there!

Perhaps if, at the time of disabling password resets, a customer was required to send in an image of a government ID that you could keep on file and validate against, in case they ever did lock themselves out? I'm not sure how happy people would be to do that, though.

-- 
Aaron B. Russell
http://unadopted.co.uk
+44 20 3137 4147
--4ff86e51_3b594807_8726
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
<div style=3D=22font-family: Helvetica; font-size: 13px; =
=22><blockquote type=3D=22cite=22 style=3D=22border-left-style: solid; bo=
rder-left-color: