Security Basics mailing list archives
Re: secure password communication
From: Stephen Thornber <skthornber () mac com>
Date: Mon, 22 Dec 2008 17:27:09 +0000
This all depends on the risk associated with different delivery methods. And the risks to your systems if you get it wrong.If the risk is high then use the Crypto & or OIN Mailer, better still hand over to the users in person. (Very logng distances can be done via a remote administrator)
There are just so many ways - and as many to get it wrong.Send by email in multiple parts. Use a self decrypting program that would require the user to contact you for a password - sort of defeats the object though.
Send by part email part textbetter still verify user by way of a telephone call validating something they know about themselves and something they should know about you, and give over the phone.
On 22 Dec 2008, at 05:34, sfmailsbm () gmail com wrote:
Dear List,we need to communicate first-time application passwords to remote users; wanted to know what are the practices implemented out there to ensure that password is communicated in a secure, fast, cost- effective wayencrypted mails is not feasible for the time being, printing PIN Mailers and sending by post will be too lengthyany ideas will be appreciated many thanks, Ron
Current thread:
- secure password communication sfmailsbm (Dec 22)
- Re: secure password communication adeel hussain (Dec 22)
- Re: secure password communication Ansgar Wiechers (Dec 22)
- Re: secure password communication Stephen Thornber (Dec 22)
- Re: secure password communication James Lawrie (Dec 22)
- Re: secure password communication Mitchell Rowton (Dec 22)
- Re: secure password communication Shreyas Zare (Dec 23)
- Re: secure password communication Andre Pawlowski (Dec 23)
- <Possible follow-ups>
- Re: secure password communication dan . crowley (Dec 22)
- Re: secure password communication John Jordan (Dec 23)
- Re: secure password communication dan . crowley (Dec 23)