Best Practice - Call Center Authentication #44

Open
lancepeterman opened this issue May 13, 2021 · 1 comment

@lancepeterman

This needs to be incorporated into the BoK, probably in one of the Intro to Identity articles:

Would be good to include a passage on why using a shared secret, usually established by the customer, is a risky method for authenticating customers in that setting. These are risky for a number of reasons, not the least of which is that the secret is known by the customer (if they can remember it), the authentication system, and then the operator once they key in the secret.

@cronical
Contributor

I think this is referring to private questions and answers, often for the purpose of resetting passwords. This is opposed to a shared secret, which is the password or PIN. Is that right, Lance?

@hlflanagan hlflanagan added this to the BoK Issue 8 milestone Mar 7, 2022