Security Basics mailing list archives
Re: secure password communication
From: "adeel hussain" <ad33lh () gmail com>
Date: Mon, 22 Dec 2008 10:27:07 -0500
Hello Ron, Everyone, The most commonly accepted method I have seen and implemented is to issue the passwords to a password protected voicemail (preferably on the companies own voice network but could be done to a known alternate phone number). This provides the out of band communication and authentication required to adequately secure the password without incurring undue time, expense or complexity. With this system the userID should not be listed in the voicemail. This then necessitates the compromise, or administrative control, of two systems (voice mail and email) by a single person or group. Hope this helps. Adeel On Mon, Dec 22, 2008 at 12:34 AM, <sfmailsbm () gmail com> wrote:
Dear List, we need to communicate first-time application passwords to remote users; wanted to know what are the practices implemented out there to ensure that password is communicated in a secure, fast, cost-effective way encrypted mails is not feasible for the time being, printing PIN Mailers and sending by post will be too lengthy any ideas will be appreciated many thanks, Ron
Current thread:
- secure password communication sfmailsbm (Dec 22)
- Re: secure password communication adeel hussain (Dec 22)
- Re: secure password communication Ansgar Wiechers (Dec 22)
- Re: secure password communication Stephen Thornber (Dec 22)
- Re: secure password communication James Lawrie (Dec 22)
- Re: secure password communication Mitchell Rowton (Dec 22)
- Re: secure password communication Shreyas Zare (Dec 23)
- Re: secure password communication Andre Pawlowski (Dec 23)
- <Possible follow-ups>
- Re: secure password communication dan . crowley (Dec 22)
- Re: secure password communication John Jordan (Dec 23)
- Re: secure password communication dan . crowley (Dec 23)