Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Best Practices for Managing Password Resets ???

From: "Brad Bemis" <Brad.Bemis () airborne com>
Date: Wed, 23 Oct 2002 10:14:14 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What are some of the common best practices currently being used in large
enterprise environments to handle password resets while reducing the risk
of exposure to social engineering exploits?  Assuming that not everyone has
voicemail, that the password being reset is required to access your e-mail
account, or that the management of a prearranged return call list results
in significant administrative overhead; what are some other alternatives
currently being used?      

- - Brad Bemis





-----BEGIN PGP SIGNATURE-----
Version: PGP Freeware, Ver 6.5.8CKT - Build 8
Comment: KeyID: 0x691D248A
Comment: Fingerprint: ECF3 F29A 65FD 3437 46FC  FADF 54B9 6BD1 691D 248A

iQA/AwUBPbbY5lS5a9FpHSSKEQK4YgCfbca7opXtvkkj6A4imk3RyyqSvrQAoO4w
o3rfEUVduEnCnIgsmI8xcyP8
=YcKM
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: