[bitfolk] Suggestions for email hosting company

Author: S P
Date:  
Subject: [bitfolk] Suggestions for email hosting company

I find this subject intensely interesting.

I know Andy has already taken a load on board but here are my thoughts anyway.

If someone has decided they don't trust email to perform account resets
then yes, they should be considered security-conscious and unlikely to
want to have a less secure method to be used in case of emergency.

Given that I think it is reasonable to expect people who turn it off to
perform some extra work to ensure they can be authenticated if the worst
happens and they lose private keys, forget pass-phrases etc.

I do like the idea of asking the customer to send you a set amount using
the account they last used to pay for the service itself.

I also like the idea of using some form of web of trust here: please
ensure you have nominated someone else who has a publicly signed key
that can be used to verify that you are making the request, even if that
key cannot be used to actually access the service directly.

Right, off to get wet in the summer sun...

n


On 07/07/12 14:05, Andy Smith wrote:
> Hello,
>
> Today a customer popped up on IRC saying that they had broken their
> VPS and couldn't remember their account details in order to use the
> console / rescue VM.
>
> Unfortunately they had also at some point in the past disabled
> email password reset, so they were unable to regain access.
>
> My concern at that point was that since they had previously disabled
> email password reset they were obviously security-conscious, so I
> did not feel comfortable resetting their password and giving it out
> to them over IRC.
>
> Of course, I could see that the customer's service was down as
> claimed, which did lend weight to the story and meant that I could
> not just ignore the issue.
>
> In the end I asked the person on IRC to send me a photo or scan of a
> utility bill bearing their name and address as present in BitFolk's
> customer database, and on receipt of that I did reset their
> password.
>
> If it had been you in the customer's position would you have
> considered that reasonable?
>
> If you have disabled email password reset, are you comfortable with
> this being circumvented by someone who is able to present a
> convincing image of a utility bill to support@????
>
> Perhaps you can offer some guidelines for how this should be dealt
> with in future so that there can be a consistent response.
>
> Suggestions revolving around the customer identifying themselves
> using public key crypto (PGP keys, SSH keys) are fine but do bear in
> mind that most customers have not presented either a PGP or an SSH key
> to me, and that would have to be done before it was actually needed.
>
> I could require that an SSH and/or PGP key be uploaded to the panel
> before the panel allows you to disable email password resets, though
> there would still need to be a plan in place for the inevitable case
> where the customer claims to no longer have access to any of the
> keys they have uploaded.
>
> Cheers,
> Andy
>
>
>
> _______________________________________________
> users mailing list
> users@???
> https://lists.bitfolk.com/mailman/listinfo/users
>
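The two ideas in this thread (Andy's point that a key must be registered before it is needed, and the nominee / web-of-trust suggestion above) can be combined into a challenge-response check that support would run before honouring a reset. The following is an added example written for this archive page; it is not code from BitFolk or from anyone on the list. It assumes customers have uploaded Ed25519 public keys in advance, uses constructed account names, and binds each challenge to the account, the purpose and an expiry so that a signature cannot be replayed for another account or a later request. A nominee's key is only ever accepted for vouching for a reset, never as a login credential.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Role records what a registered key is allowed to authorise. The account
// holder's own key can approve a reset; a nominee's key (the web-of-trust
// idea from the thread) can only vouch for a reset and is never usable to
// log in or touch the service directly.
type Role string

const (
	RoleOwner   Role = "owner"
	RoleNominee Role = "nominee"
)

// RegisteredKey is a public key uploaded to the panel before it was needed.
type RegisteredKey struct {
	Account string
	Role    Role
	Pub     ed25519.PublicKey
}

// Challenge is the text support hands to the customer to sign. Binding the
// account, purpose and expiry into it means a signature cannot be replayed
// for another account, another action, or after the window closes.
type Challenge struct {
	Account string
	Purpose string
	Nonce   []byte
	Expires time.Time
}

// Bytes renders the challenge in a fixed, line-oriented form for signing.
func (c Challenge) Bytes() []byte {
	return []byte(fmt.Sprintf(
		"recovery-challenge/v1\naccount=%s\npurpose=%s\nnonce=%s\nexpires=%d\n",
		c.Account, c.Purpose, hex.EncodeToString(c.Nonce), c.Expires.Unix()))
}

// NewChallenge issues a fresh random challenge valid until now+ttl.
func NewChallenge(account, purpose string, now time.Time, ttl time.Duration) (Challenge, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return Challenge{}, err
	}
	return Challenge{Account: account, Purpose: purpose, Nonce: nonce, Expires: now.Add(ttl)}, nil
}

var (
	ErrExpired      = errors.New("challenge has expired")
	ErrWrongPurpose = errors.New("challenge was not issued for a password reset")
	ErrNoValidKey   = errors.New("no registered key for this account verifies the signature")
)

// VerifyReset decides whether sig authorises a password reset for the
// account named in c, and reports which role of key approved it. Only keys
// registered for that account are tried; nominee keys are tried only when
// allowNominee is set, so the operator can decide per policy whether a
// nominee alone is enough or merely adds weight to other evidence.
func VerifyReset(keys []RegisteredKey, c Challenge, sig []byte, now time.Time, allowNominee bool) (Role, error) {
	if now.After(c.Expires) {
		return "", ErrExpired
	}
	if c.Purpose != "password-reset" {
		return "", ErrWrongPurpose
	}
	msg := c.Bytes()
	for _, k := range keys {
		if k.Account != c.Account {
			continue
		}
		if k.Role == RoleNominee && !allowNominee {
			continue
		}
		if ed25519.Verify(k.Pub, msg, sig) {
			return k.Role, nil
		}
	}
	return "", ErrNoValidKey
}

func main() {
	now := time.Now()
	// Constructed demo: the customer registered this key before locking themselves out.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	keys := []RegisteredKey{{Account: "example-customer", Role: RoleOwner, Pub: pub}}

	c, _ := NewChallenge("example-customer", "password-reset", now, 15*time.Minute)
	fmt.Printf("challenge to sign:\n%s", c.Bytes())

	// The customer signs the challenge text with their private key and returns the signature.
	sig := ed25519.Sign(priv, c.Bytes())
	role, err := VerifyReset(keys, c, sig, now.Add(time.Minute), false)
	fmt.Println("verified by:", role, "err:", err)
}
```

The deliberate gap is the one Andy names: a customer who has lost every registered key gets `ErrNoValidKey`, and that path still needs a human policy (such as the utility-bill check or a payment from the account on file), which this code cannot replace.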




