Security Basics mailing list archives
Re: RE: Password communication
From: rjflyguy () yahoo securityfocus com, com () securityfocus com
Date: 4 Jan 2008 01:38:22 -0000
Pepsdiaz, I was having the same situation like your too some time back. The company that I worked for have around 900 employees scattered all over the country and when new system was put in place, login ids a and passwords need to be distributed to them. Headache. What we did back then was to use sealed envelopes. In the envelope, we specify their Login ID but the password was somehow not in "clear text". We use employees Identification Card number, Employee Number, their Health Insurance number... So in the envelope, we just state that "For the password, please use the last 4 digits of your IC numbers + last 2 digits of Employee Number + last 4 digits of Health Insurance number" And the envelopes are couriered to all head of branches and he/she is responsible in passing the sealed envelopes to his/her staff. Upon signing in with the Login ID and the password, the staff is immediately forced to change the password or else the account will be locked. For extra security, system admin then (in batches) checked the machine hostname from where they logged in to match with their login ID. If any doubt, the system admin will call the respective staff just to confirm the process is all okay. Hope this helps... -RJ2-
Current thread:
- Re: Password communication, (continued)
- Re: Password communication Nikhil Wagholikar (Jan 03)
- RE: Password communication Ronny Roethof (Jan 04)
- Re: Password communication mgk.mailing (Jan 04)
- Re: Password communication Gleb Paharenko (Jan 07)
- Re: Password communication Serg B (Jan 07)
- RE: Password communication Worrell, Brian (Jan 08)
- Message not available
- RE: Password communication Worrell, Brian (Jan 08)
- Re: Password communication Gleb Paharenko (Jan 07)
- Re: Password communication Nikhil Wagholikar (Jan 03)
- RE: Password communication Worrell, Brian (Jan 04)