Security Basics mailing list archives
Re: secure password communication
From: dan.crowley () gmail com
Date: Tue, 23 Dec 2008 07:32:59 -0700
I think in your situation the best and simplest way is to make a text file with the username and password, make a self-decrypting file (for example with 7zip, afaik it uses AES256) and send it via email to the user outside. When he gets the file and calls you, you can give him the password via phone. Of course this way is not the safest one, but I think in your situation it is even the best.
This is just a matter of changing the threat from MITM to OOB-MITM (Out-of-band Man-in-the-middle). Still not really secure.
Send part by email, part by text; better still, verify the user by way of a telephone call, validating something they know about themselves and something they should know about you, and give it over the phone.
I'll make sure to call up your employees and give them a fake password in exchange for their validation information, then give you a call! ;)