Re: [bitfolk] Suggestions for email hosting company

Author: Christopher Roberts
Date:  
Subject: Re: [bitfolk] Suggestions for email hosting company
> or PGP key be uploaded to the panel
> before the panel allows you to disable email password resets, though
> there would still need to be a plan in place for the inevitable case
> where the customer claims to no longer have access to any of the
> keys they have uploaded.


I think this is the best suggestion. Require a GPG key off everyone.

If the VPS owner has chosen to disable password reset (which for a security
sensitive site, they almost certainly should -- emails aren't secure), then
it is their duty to supply a public-key method of verifying their identity.
If they haven't done that then I don't think it's unreasonable for you to
require any level of:

- Birth certificate
- Utility bill
- Passport
- Freshly made photo of them holding today's paper with a secret phrase of
your choice written on it.
- An unlocking payment from the same source as the original VPS purchase

In short: paranoia. Disabling password reset implies a level of security
that should be maintained. It's saying "I take full responsibility for the
password to this VPS, and if I lose it, I accept that I may never get access
again".

The alternative is that social engineering will get an attacker access; and
that's often a considerably easier brute forcing problem than a password.



Andy
-- 
Dr Andy Parkins
andyparkins@???
