Educause Security Discussion mailing list archives

Re: Secure communication of passwords

From: "King, Ronald A." <raking () NSU EDU>
Date: Thu, 29 Jan 2015 13:35:21 +0000

+1 for Filelocker.  

 

We have been using it for about a year and are very happy with it.  In addition to sharing your file(s) with someone 
outside the institution, you can request one time uploads from them without giving them credentials to login.

 

Got a Phish (email)? Forward it to  <mailto:abuse () nsu edu> abuse () nsu edu!

 

Ronald King, CISSP, RHCE

Interim Technical Services Director & CISO

Office of Information Technology

Norfolk State University

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike 
Osterman
Sent: Wednesday, January 28, 2015 5:04 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Secure communication of passwords

 

This also reminds me of Purdue's FileLocker2 project:

http://filelocker2.sourceforge.net

 

Disclaimer: I've not tried it, but it looks solid and edu-friendly (CAS and LDAP auth).

 

-Mike

 

On Jan 28, 2015, at 1:56 PM, Shalla, Kevin <kshalla () UIC EDU <mailto:kshalla () UIC EDU> > wrote:

 

We wrote the application Protected Email Attachment Repository for this.. We have a video showing features:  
<https://www.youtube.com/watch?v=7qqXZIgzj2I> https://www.youtube.com/watch?v=7qqXZIgzj2I

 

Kevin Shalla

Academic and Enrollment Services

University of Illinois at Chicago

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Thomas 
Carter
Sent: Wednesday, January 28, 2015 3:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> 
Subject: [SECURITY] Secure communication of passwords

 

On occasion we need to communicate a password (with a possible username) with a user. This is generally for some 
external system that doesn’t integrate into existing authentication mechanisms. Per our policy, we can’t send the 
password via email and it shouldn’t be written down. We generally try to communicate it via a phone call if possible, 
with a text message to a verified number as a backup. Unfortunately neither of these are convenient, so I wondered what 
others are using for this task.

 

Thomas Carter

Network and Operations Manager

Austin College 

903-813-2564

<image001.gif>

Attachment: smime.p7s
Description:

Current thread:

Secure communication of passwords Thomas Carter (Jan 28)
- Re: Secure communication of passwords Ric Getter (Jan 28)
  - Re: Secure communication of passwords Mike Osterman (Jan 28)
- Re: Secure communication of passwords Shalla, Kevin (Jan 28)
  - Re: Secure communication of passwords Mike Osterman (Jan 28)
    - Re: Secure communication of passwords Joel L. Rosenblatt (Jan 28)
    - Re: Secure communication of passwords Greg Williams (Jan 28)
    - Re: Secure communication of passwords King, Ronald A. (Jan 29)
  - Re: Secure communication of passwords Tipps, Greg (Greg Tipps) (Jan 28)
- Re: Secure communication of passwords Jones, Mark B (Jan 28)
- <Possible follow-ups>
- Secure communication of passwords Cochran, Marlowe (Feb 05)
  - Re: Secure communication of passwords Thomas Carter (Feb 05)
    - Re: Secure communication of passwords Frank Barton (Feb 05)
- Re: Secure communication of passwords Cam Beasley (Feb 05)