Sophos SafeGuard Disk Encryption 4.60
Windows 2000 Professional SP4, Windows XP SP3
How can I be sure that the user who requests a Sophos SafeGuard Disk Encryption response code is the right one (authentication)?
One concept is to combine the Challenge Response feature with a mobile phone, which removes the need for the user to authenticate to the helpdesk.
A helpdesk often has the problem that it does not know the person on the phone when a password has to be reset.
So the procedure could be as follows: after a user phones the helpdesk to request a new password via Challenge Response, the helpdesk asks for the name (and any further information that is necessary) and sends the response via SMS to the mobile phone.
Many providers offer free SMS; for a guaranteed time frame you must pay. Another advantage is that a user notices when somebody tries to hack his password.