04-10-2007 02:27 AM - edited 03-18-2019 07:11 PM
Hi
On Unity 4.2, if a user enters an incorrect PIN when dialling from their own extension they are re-prompted for both the userID and PIN.
The first attempt when hitting the VM button just prompts for PIN.
Users aren't listening to the whole prompt and try to enter their PIN again causing some confusion.
Does anyone know of a way to alter this behaviour? I.e. setting the system to only require the PIN after an inital authentication failure?
Thanks
Aaron
Solved! Go to Solution.
04-10-2007 06:39 AM
There's no setting to change this - the behavior was changed between 4.1 and 4.2 after a number of security audits across multiple products (the security team swings a big stick). One of the items was revealing that an outside caller had hit upon a valid ID - as such the behavior is that both the ID and the PIN are collected and validated as a pair - the user is not supposed to be able to figure out if the ID is valid or not when "cold calling" into the auto attendant.
When calling from a known extension (i.e. one assigned as a primary or alternate for a subscriber) the original ID input is skipped - but the failure path is the same for all calls regardless of source.
There's no configuration option or setting that alters this path at the moment. I believe the 5.0 team was looking at an option of "remembering" that the original call had called from a known extension and to provide an option to just reenter the PIN in that case, but I'm not sure if that made the list or not - best to ping your account team to pitch for it, I know a few folks have noted the behavior.
04-10-2007 06:39 AM
There's no setting to change this - the behavior was changed between 4.1 and 4.2 after a number of security audits across multiple products (the security team swings a big stick). One of the items was revealing that an outside caller had hit upon a valid ID - as such the behavior is that both the ID and the PIN are collected and validated as a pair - the user is not supposed to be able to figure out if the ID is valid or not when "cold calling" into the auto attendant.
When calling from a known extension (i.e. one assigned as a primary or alternate for a subscriber) the original ID input is skipped - but the failure path is the same for all calls regardless of source.
There's no configuration option or setting that alters this path at the moment. I believe the 5.0 team was looking at an option of "remembering" that the original call had called from a known extension and to provide an option to just reenter the PIN in that case, but I'm not sure if that made the list or not - best to ping your account team to pitch for it, I know a few folks have noted the behavior.
04-13-2007 01:15 AM
Thanks Jeff.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide