Fwd: login sheets

["Babu Kopparam" <babukopparam () gmail com>]

Hi!

I would suggest you to write a 'Change Password' page for all four applications.
Ask user for self registration to your system, (user provides his password).
Approve this request.
Redirect him to a page where he has to provide a new password for all
the four applications.
With this, password is more and more safe that even administrator is
unaware of the same.
Remember, as a administrator, if you know the password of business
users, you can not claim for 'non-repudiation'.

I know this solution requires some additional activites, but it is
worth doing it.

Thanks,
-Babu.

On 2 Jan 2007 22:51:54 -0000, krymson () gmail com <krymson () gmail com> wrote:
> I like that idea, and did this myself when I did desktop support. Don't make this task too hard, as it really is not.
>
> Make up your sheet of passwords and deliver it to the new employee by hand. Don't keep your own copies either printed or 
> electronic. If HR prefers, you can deliver it to HR to deliver to the user, but when it is your choice, hand deliver it to the 
> user. Don't set it on the desk for their retrieval later, actually witness that they are in possession of it.
>
> Mention both verbally and on this paper that the information is highly sensitive and private to them. Your policies should 
> dictate rules about giving out account passwords, and accidentally "sharing" them via a sheet left in plain site can be 
> construed as breaking policy.
>
> Set as many of those accounts to require the user change their password on the first logon.
>
> Set as many of those accounts to unique, stronger passwords. This banks on the habit that people don't change their passwords unless they need 
> to. So don't let them keep "password" as their intranet account for years. Also, don't use a predictable pattern like their start 
> date and initials. If they lose it or your forget it, just remember you have the keys to change it to something else, so even you don't need to 
> have it predictable.
>
> Always stress that those sheets should not be stored very long. Use that opportunity (verbally or on the page again) to 
> show them how to change their passwords, and how to properly dispose of a sheet like that (shredded or secure disposal 
> bin).
>
>
>
>
> <-snip->
> Just wondering how people deal with giving new users their initial login
> details. Our users often have to know logins for four different systems in
> their first week and I wanted to give them a sheet with these details on
> them. Obviously each system will ask for a passphrase change when first
> logging in.
> Also, the sheet would have something along the lines of 'How to choose a
> strong passphrase that does not contain your cat's name or your favourire
> football team but is easy to remeber'.

---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------