Security Basics mailing list archives
Re: Password communication
From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Thu, 3 Jan 2008 22:35:47 +0300
Hello Pepsdiaz, I too agree with Nick Vaernhoej. While reseting the password, make sure you also enable the option "User must change password at next logon". Then communicate the password over phone or in person. As soon as the user logs (login) on for the first time with the previous communicated password, he'll be forced to change the password of his account there and there itself. --- Nikhil Wagholikar Information Security Analyst NII Consulting Web: http://www.niiconsulting.com Security Products: http://www.niiconsulting.com/products.html On 3 Jan 2008 09:09:18 -0000, <pepsdiaz () gmail com> wrote:
Dear all, We are trying to implement a password policy in our Organization and we have some doubts when distributing the password to all the employees. I would like to know which is the best way to communicate the new password when the user block/forgot his password. 1) We donĀ“t want to use an envelope because it takes long time. 2) Telephone is insecure, how to authenticate the user? 3) email is also insecure... 4) PKI... expensive? Thanks to all in advance.
Current thread:
- Password communication pepsdiaz (Jan 03)
- RE: Password communication Nick Duda (Jan 03)
- RE: Password communication Sam Hansen (Jan 03)
- RE: Password communication Nick Vaernhoej (Jan 03)
- RE: Password communication Petter Bruland (Jan 03)
- Re: Password communication Dante Signal31 (Jan 04)
- RE: Password communication Sinha, Amitabh (Amit) (Jan 07)
- RE: Password communication Petter Bruland (Jan 03)
- Re: Password communication Nikhil Wagholikar (Jan 03)
- RE: Password communication Ronny Roethof (Jan 04)
- Re: Password communication mgk.mailing (Jan 04)
- Re: Password communication Gleb Paharenko (Jan 07)
- Re: Password communication Serg B (Jan 07)
- RE: Password communication Worrell, Brian (Jan 08)
- Message not available
- RE: Password communication Worrell, Brian (Jan 08)
- Re: Password communication Gleb Paharenko (Jan 07)
- RE: Password communication Nick Duda (Jan 03)
- RE: Password communication Worrell, Brian (Jan 04)
- <Possible follow-ups>
- Re: RE: Password communication rjflyguy (Jan 04)