I find this subject intensely interesting.

I know Andy has already taken a load on board but here are my thoughts anyway.

If someone has decided they don't trust email to perform account resets
then yes, they should be considered security-conscious and unlikely to
want to have a less secure method to be used in case of emergency.

Given that, I think it is reasonable to expect people who turn it off to
perform some extra work to ensure they can be authenticated if the worst
happens and they lose private keys, forget pass-phrases etc.

I do like the idea of asking the customer to send you a set amount using
the account they last used to pay for the service itself.

I also like the idea of using some form of web of trust here...please
ensure you have nominated someone else who has a publicly signed key
that can be used to verify that you are making the request, even if that
key cannot be used to actually access the service directly.

Right, off to get wet in the summer sun...
n

On 07/07/12 14:05, Andy Smith wrote:

Hello,

Today a customer popped up on IRC saying that they had broken their
VPS and couldn't remember their account details in order to use the
console / rescue VM.

Unfortunately they had also at some point in the past disabled
email password reset, so they were unable to regain access.

My concern at that point was that since they had previously disabled
email password reset they were obviously security-conscious, so I
did not feel comfortable resetting their password and giving it out
to them over IRC.

Of course, I could see that the customer's service was down as
claimed, which did lend weight to the story and meant that I could
not just ignore the issue.

In the end I asked the person on IRC to send me a photo or scan of a
utility bill bearing their name and address as present in BitFolk's
customer database, and on receipt of that I did reset their
password.

If it had been you in the customer's position would you have
considered that reasonable?

If you have disabled email password reset, are you comfortable with
this being circumvented by someone who is able to present a
convincing image of a utility bill to support(a)bitfolk.com?

Perhaps you can offer some guidelines for how this should be dealt
with in future so that there can be a consistent response.

Suggestions revolving around the customer identifying themselves
using public key crypto (PGP keys, SSH keys) are fine but do bear in
mind that most customers have not presented either a PGP or SSH key
to me, and that would have to be done before it was actually needed.

I could require that an SSH and/or PGP key be uploaded to the panel
before the panel allows you to disable email password resets, though
there would still need to be a plan in place for the inevitable case
where the customer claims to no longer have access to any of the
keys they have uploaded.

Cheers,
Andy