Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Password communication

From: "Sam Hansen" <Sam.Hansen () wwu edu>
Date: Thu, 3 Jan 2008 09:08:50 -0800
?!? Tell Kevin Mitnick that.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nick Duda
Sent: Thursday, January 03, 2008 8:52 AM
To: pepsdiaz () gmail com; security-basics () securityfocus com
Subject: RE: Password communication

Telephone is the best choice there...to say its in-secure isn't true. If it was secure then financial institutions 
would not use it for service. They put in place a compensation control for it, like asking information from your credit 
report....think of a compensation control that is specific to your business.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of pepsdiaz () gmail com
Sent: Thursday, January 03, 2008 4:09 AM
To: security-basics () securityfocus com
Subject: Password communication

Dear all,
 
We are trying to implement a password policy in our Organization and we have some doubts when distributing the password 
to all the employees. I would like to know which is the best way to communicate the new password when the user 
block/forgot his password. 
 
1) We donĀ“t want to use an envelope because it takes long time.
 
2) Telephone is insecure, how to authenticate the user?
 
3) email is also insecure...
 
4) PKI... expensive?
 
Thanks to all in advance.
Previous By Date Next
Previous By Thread Next

Current thread: