@StoneCypher
Last active August 29, 2015 14:00

So, instead of requiring your customers to recite their passwords to unidentifiable strangers over the telephone, you could use a randomly generated PIN instead. Then, you could present that PIN inside the customer's account, where they could read it out to you.

This carries all the advantages of making sure the person you're speaking with has their password, but with none of the downsides, such as giving the password to a customer service member in plain text (thereby allowing them to write it down), or giving your customer service staff a mechanism to test whether customer passwords are what is suspected (thereby allowing them to guess, and to check whether what they wrote down previously is still correct).

This also isn't a massive PCI violation, unlike what you do now.


The strategy is simple.

  1. For every user add a medium integer CallPIN and a datetimestamp CallPIN_Time
  2. When a user is looking at the site support page, emit a widget on the webpage "Your call-in security pin"
  3. If the user is not logged in, give a link to the login page that goes back here
  4. If the user is logged in:
     1. Check whether CallPIN_Time is more than 30 minutes ago
        1. If CallPIN_Time is more than 30 minutes ago, replace CallPIN with a random number 00000 .. 99999, then set CallPIN_Time to now().
        2. If CallPIN_Time is more recent than the last half hour, take no action
     2. Show CallPIN on the webpage
  5. Have your staff ask for the CallPIN instead of the password
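The rotation and check described in steps 1 through 5, as an added example that is not part of the gist. It assumes an in-memory `User` record with the two fields the gist names (`CallPIN`, `CallPIN_Time`), timezone-aware timestamps, and the `secrets` module as the random source; `current_call_pin` is what the web widget calls, and `verify_call_pin` is the yes/no check the agent's tool would run so the agent never sees the stored value.

```python
"""Call-in PIN rotation and verification (added example, not the gist author's code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional
import hmac
import secrets

PIN_TTL = timedelta(minutes=30)   # the gist's "more than 30 minutes ago"
PIN_DIGITS = 5                    # 00000 .. 99999


@dataclass
class User:
    """Hypothetical user record carrying the two fields from step 1."""
    username: str
    call_pin: Optional[str] = None             # CallPIN, stored zero-padded
    call_pin_time: Optional[datetime] = None   # CallPIN_Time


def _new_pin(rng=secrets.randbelow) -> str:
    # Draw from 0..99999 with a CSPRNG and keep leading zeros,
    # so "00042" is a valid PIN and every value is 5 characters wide.
    return f"{rng(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"


def current_call_pin(user: User, now: Optional[datetime] = None,
                     rng=secrets.randbelow) -> str:
    """Step 4: rotate the PIN if it is stale, then return it for the widget.

    A PIN is stale when CallPIN_Time is missing or more than PIN_TTL old.
    Within the window the same PIN is returned, so the customer and the
    agent see the same value for the whole call.
    """
    now = now or datetime.now(timezone.utc)
    stale = user.call_pin_time is None or now - user.call_pin_time > PIN_TTL
    if stale:
        user.call_pin = _new_pin(rng)
        user.call_pin_time = now
    return user.call_pin


def verify_call_pin(user: User, spoken_pin: str,
                    now: Optional[datetime] = None) -> bool:
    """Step 5: what the agent's tool does with the PIN the caller reads out.

    Only a yes/no answer is produced, and only while the PIN is inside its
    30-minute window. Comparison is constant-time so the check does not
    leak how many leading digits matched.
    """
    now = now or datetime.now(timezone.utc)
    if user.call_pin is None or user.call_pin_time is None:
        return False
    if now - user.call_pin_time > PIN_TTL:
        return False
    return hmac.compare_digest(user.call_pin, spoken_pin.strip())


if __name__ == "__main__":
    alice = User("alice")               # constructed sample user
    pin = current_call_pin(alice)
    print("web widget shows:", pin)
    print("agent tool says:", verify_call_pin(alice, pin))
```

Two points the gist leaves implicit: a five-digit PIN is only 100000 possibilities, so the agent-side check should be rate-limited per account like any other short secret, and the PIN belongs in the same protected storage as the rest of the account record since anyone who can read it can pass the phone check for the next half hour.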