Anyone know more about this BT "uk identity verification" scheme?
Ian G Batten
I.G.Batten at ftel.co.uk
Fri, 7 Mar 2003 15:41:48 +0000
On Fri, 07 Mar 2003, chris harrison wrote:
> One straightforward option is for them to be able to ask you a
> question to which only you would know the answer. Of course, in
> doing this they are then in possession of that answer.
``Only you would know'' applies neither to first school nor mother's
maiden name. I tend to give a random sequence of characters as an
answer, and record that in a little 3DES-encrypted database on my palm
pilot, but I have had refusals to accept that my mother was called
8aH2x80f3hE.
> that code? Another question? Another answer? Another code? At some
> iteration of this system you need to have some means of being able
> to prove to the system you are who you claim and have a right to be
> doing what you are asking to do.
So issue SecureID tags then, together with a pin.
ian