Attendees:
- Karen Herrington
- Wayne Donald
- Joyce Landreth
- Kevin Rooney
- Mary Dunker
Agenda:
Discuss option for sending one-time password to cell phone.
Kevin Rooney described having a request for self-service password reset generate an SMS message to a cell phone. The phone number would need to have been registered by the user at a previous time -- possibly during PIDGen time, or through another authenticated interface (authenticating with PID or PDC in order to register the cell number). Presumably, the user would go to a web page to reset the PID password. The OTP would be sent to the user's cell phone, and the user would enter that OTP in order to reset the PID password. To enhance security, there would be only a short time frame during which the OTP would be usable.
There would be technical requirements for:
- a gateway to send the SMS messages
- a one-time password generator.
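A sketch of the one-time password generator side of the flow described above, added here as an illustration and not something presented at the meeting. The class and function names, the 6-digit length, the 5-minute validity window and the 3-guess limit are all assumptions; the SMS gateway is not modelled, so `issue` simply returns the code that would be handed to it.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6          # assumption: code length
OTP_TTL_SECONDS = 300   # assumption: the "short time frame" is 5 minutes
MAX_ATTEMPTS = 3        # assumption: guess limit, not from the notes


class OtpStore:
    """Holds at most one pending reset OTP per user ID (PID)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # pid -> [salt, digest, expires_at, attempts_left]

    @staticmethod
    def _digest(salt, otp):
        # Keep a salted hash rather than the code itself. With only 10**6
        # codes this is hygiene; the TTL and attempt limit bound guessing.
        return hashlib.sha256(salt + otp.encode()).digest()

    def issue(self, pid):
        """Create a fresh OTP for pid, replacing any earlier one, and return
        it so the caller can pass it to the SMS gateway."""
        otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[pid] = [salt, self._digest(salt, otp),
                              self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return otp

    def redeem(self, pid, otp):
        """Return True once for the correct, unexpired OTP; False otherwise."""
        entry = self._pending.get(pid)
        if entry is None:
            return False
        salt, digest, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._pending[pid]          # expired: discard
            return False
        if hmac.compare_digest(digest, self._digest(salt, otp)):
            del self._pending[pid]          # single use: consume on success
            return True
        entry[3] -= 1
        if entry[3] <= 0:
            del self._pending[pid]          # too many wrong guesses
        return False
```
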
Virginia Tech might need to pay some fee for the gateway -- maybe 5 cents per message. One service Kevin looked at was around $1200/year.
On September 21, 2009, Kevin sent an e-mail to the above attendees, indicating he is inviting Randy Marchany, Carl Harris, Daniel Fisher, Phil Benchoff, and Mike Hosig to a meeting to discuss the technical requirements for implementing one-time passwords sent to cell phones.