Home : General : Internet Technologies :

General: Internet Technologies: Domain PIN - telephone validation: Edit Log

Here is the list of edits for this post
Domain PIN - telephone validation
I'm trying to think of what the ideal registrar would offer for security.

I like the possibility of requiring FAX validation, especially for password changes.

You could even require that the fax come from a specific telephone number, but what if there are serious technical reasons for that number being out of service - like in a war area?

I have already mentioned the following factors to help provide security and access to support if there are problems:

1. Email Validation of Password Changes

2. Email Validation of Contact Changes

3. Email Validation of DNS Changes

4. Support Phone Number


Some additional security factors might be:

5. Modify User Name

6. FAX validation required

7. FAX validation from specified tel. number

8. Range of available characters: a-z, A-Z, 0-9, and a whole bunch of symbols or other chars

9. Number of characters: 12-16 in username and in password

10. Telephone PIN validation: perhaps a change submitted through the web admin could be followed up with a phone call with a special PIN. This type of thing might be better and easier than the FAX follow up. In fact, this could be really cool. You could create the change request through the web admin and be issued a Request Number. Then, you call a special phone number and enter your Request Number. Then, the voice thingy accepts your Request Number and says, "Okay, Fred, fork over your PIN or your Request is dead." At this point, you would punch in your special PIN and then your account change would be enabled.

The trick would be how to create that PIN without going through the web, like when first opening an account. Okay, I think I have it.....Let's say that you want to open an account at Sam's Registrar Service. Okay, now you create a user/pass and do all the usual stuff. At this point, Sam's system says, "All right, we have your info. Now, you have to call this number xxx-xxx-xxxx to get your PIN. When you call that number, please enter the account number that was generated here (show account number)"

This would mean that the PIN is NEVER displayed on the web, and it would mean that the entire PIN process - from creation to all of its uses - would be totally automated. Modifying the PIN would have to be done over the phone, too, but that could be automatic, as well.

Yep, that would be the way to go.

Let's call it a "Domain PIN"

What do you think?

Thanks.

------------------------------------------

Last edited by:

DogTags: Sep 17, 2003, 4:37 PM

Edit Log: