Security Basics mailing list archives

Re: secure password communication

From: "adeel hussain" <ad33lh () gmail com>
Date: Mon, 22 Dec 2008 10:27:07 -0500

Hello Ron, Everyone,

The most commonly accepted method I have seen and implemented is to
issue the passwords to a password protected voicemail (preferably on
the companies own voice network but could be done to a known alternate
phone number).  This provides the out of band communication and
authentication required to adequately secure the password without
incurring undue time, expense or complexity.

With this system the userID should not be listed in the voicemail.
This then necessitates the compromise, or administrative control, of
two systems (voice mail and email) by a single person or group.

Hope this helps.

Adeel


On Mon, Dec 22, 2008 at 12:34 AM,  <sfmailsbm () gmail com> wrote:

Dear List,
we need to communicate first-time application passwords to remote users; wanted to know what are the practices 
implemented out there to ensure that password is communicated in a secure, fast, cost-effective way

encrypted mails is not feasible for the time being, printing PIN Mailers and sending by post will be too lengthy

any ideas will be appreciated

many thanks,
Ron

Current thread:

secure password communication sfmailsbm (Dec 22)
- Re: secure password communication adeel hussain (Dec 22)
- Re: secure password communication Ansgar Wiechers (Dec 22)
- Re: secure password communication Stephen Thornber (Dec 22)
- Re: secure password communication James Lawrie (Dec 22)
- Re: secure password communication Mitchell Rowton (Dec 22)
  - Re: secure password communication Shreyas Zare (Dec 23)
- Re: secure password communication Andre Pawlowski (Dec 23)
- <Possible follow-ups>
- Re: secure password communication dan . crowley (Dec 22)
- Re: secure password communication John Jordan (Dec 23)
- Re: secure password communication dan . crowley (Dec 23)