Security Basics mailing list archives
Re: Changing user password policy
From: Cyber Legionnaire <cyber.legionnaire () gmail com>
Date: Mon, 25 Sep 2006 17:40:43 +0300
How about this: a client-server password generating application in which the client must call an admin on the phone and verify himself/herself. He/she will then be supplied with a verification code which will be entered in the client application to generate a valid new password (else the generated password will be rejected by the server).

Once that new password is generated and the user decides it is easy for him/her to memorize he will submit the password over the network so that it is registered in your NIS/Domain Server. The client-server communication must be using a covert channel which includes a public key handshake to establish a session key to encrypt the transmitted password.

In terms of user-friendliness, the client must only make a phone call, fill in the verification code and click the generate button.

Lars Solberg wrote:
Hi list!

I was wondering about your thoughts on changing users' passwords in an enterprise firm with 10k users. It has to be easy for the user to get a new password, but also secure! The users also have to be verified over the phone. Making the users go somewhere and show ID to get a new password will not work.

So, what are your thoughts about a good solution to this?

Thanks in advance,
Lars

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
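The phone-issued verification code step proposed in the message above, as an added Python sketch (not part of the original post and not any poster's code). The class and function names, the 8-digit code, the 10-minute lifetime and the 3-attempt limit are all assumptions; the encrypted transport between client and server is assumed and not shown.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600   # assumed validity window for a phone-issued code
MAX_ATTEMPTS = 3         # assumed number of wrong guesses before the code is voided


class ResetCodeStore:
    """Server-side record of verification codes handed out by the helpdesk (hypothetical)."""

    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)   # server-only key; codes are never stored in clear
        self._pending = {}                    # username -> [tag, expiry, attempts_left]
        self._clock = clock

    def _tag(self, username, code):
        return hmac.new(self._key, f"{username}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, username):
        """Admin calls this after verifying the caller; replaces any earlier code."""
        code = f"{secrets.randbelow(10**8):08d}"
        self._pending[username] = [self._tag(username, code),
                                   self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def redeem(self, username, code, new_password, set_password):
        """Accept new_password only with a live, unused code for this user."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        tag, expiry, _ = entry
        if self._clock() > expiry:
            del self._pending[username]
            return False
        if not hmac.compare_digest(tag, self._tag(username, code)):
            entry[2] -= 1                     # count the failed guess
            if entry[2] <= 0:
                del self._pending[username]   # void the code; user must call again
            return False
        del self._pending[username]           # single use: burn before changing anything
        set_password(username, new_password)  # e.g. the NIS/domain update, supplied by caller
        return True
```

Binding the code to the username, expiring it, limiting guesses and burning it on first use are what keep a short code read out over the phone from being replayed or brute-forced.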
Current thread:
- Changing user password policy Lars Solberg (Sep 25)
- Re: Changing user password policy Cyber Legionnaire (Sep 26)
- RE: Changing user password policy Paul Sutton (Sep 26)
- RE: Changing user password policy Henry Troup (Sep 26)
- Re: Changing user password policy Hylton Conacher(ZR1HPC) (Sep 27)
- <Possible follow-ups>
- Re: Changing user password policy krymson (Sep 26)
- Re: Changing user password policy Raoul Armfield (Sep 27)
- Re: Changing user password policy Lars Solberg (Sep 29)
- Re: Changing user password policy Raoul Armfield (Sep 27)