Security Basics mailing list archives

Re: secure password communication


From: Stephen Thornber <skthornber () mac com>
Date: Mon, 22 Dec 2008 17:27:09 +0000

This all depends on the risk associated with different delivery methods.
And the risks to your systems if you get it wrong.
If the risk is high then use the Crypto and/or PIN Mailer; better still, hand over to the users in person. (Very long distances can be done via a remote administrator.)
There are just so many ways - and as many to get it wrong.

Send by email in multiple parts. Use a self-decrypting program that would require the user to contact you for a password - sort of defeats the object though.

Send by part email, part text.
Better still, verify the user by way of a telephone call, validating something they know about themselves and something they should know about you, and give it over the phone.

On 22 Dec 2008, at 05:34, sfmailsbm () gmail com wrote:

Dear List,
we need to communicate first-time application passwords to remote users; wanted to know what are the practices implemented out there to ensure that password is communicated in a secure, fast, cost-effective way

encrypted mail is not feasible for the time being, printing PIN Mailers and sending by post will be too lengthy

any ideas will be appreciated

many thanks,
Ron

