What account protection measures to apply if it is not available to attach a mobile?

U

Urukhayy2015-05-14 12:15:24

Computer networks

Urukhayy, 2015-05-14 12:15:24

1) What account protection measures should be applied if it is not available to attach a mobile phone?
2) And if the attached mobile number is lost?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

D

Dmitry Entelis, 2015-05-14
@DmitriyEntelis

From the point of view of the site developer or from the point of view of the user?
1) From the user's point of view: put a long complex password that is not used anywhere else, write it down on a piece of paper, burn the piece of paper, and dispel the ashes.
From a developer's point of view: there are a lot of options.
2) The attached number can always be restored. If the number is not tied to the passport - well, the user himself is an idiot.

S

Sergey, 2015-05-14
@edinorog

one-time code generator

N

Nikolai Korabelnikov, 2015-05-15
@nmk2002

If you are asking about authentication protection, then such a task requires an integrated approach.
For starters, the user credentials must be properly stored on your server.
And the user must use strong authentication. There are many options and you need to choose what suits you:
- certificates (smart cards, tokens)
- one-time passwords (hardware generators, software generators, SMS / email, OATH or proprietary, QR or alphanumeric)
- biometrics (for example, keyboard typing behavior)