Security Basics mailing list archives

Re: Password communication


From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Thu, 3 Jan 2008 22:35:47 +0300

Hello Pepsdiaz,

I too agree with Nick Vaernhoej.

While resetting the password, make sure you also enable the option
"User must change password at next logon". Then communicate the
password over the phone or in person. As soon as the user logs on
for the first time with the previously communicated password, he'll be
forced to change the password of his account then and there.

---
Nikhil Wagholikar
Information Security Analyst
NII Consulting
Web: http://www.niiconsulting.com
Security Products: http://www.niiconsulting.com/products.html



On 3 Jan 2008 09:09:18 -0000, <pepsdiaz () gmail com> wrote:
Dear all,

We are trying to implement a password policy in our Organization and we have some doubts when distributing the
password to all the employees. I would like to know which is the best way to communicate the new password when the
user blocks/forgets his password.

1) We don't want to use an envelope because it takes a long time.

2) Telephone is insecure, how to authenticate the user?

3) email is also insecure...

4) PKI... expensive?

Thanks to all in advance.