I work at a mid-sized company that has several hundred users scattered around the US in different locations and we have the usual password issues associated with terminated employees, new users, and re-sets all clogging up the Help Desk lines.

Thing is, just how should we be notifying users of their new (or re-set) passwords. E-Mail obviously won't work for Network layer or E-Mail account (obviously) passwords, so is verbal notification ok following verification of user identity?

Just how should we be handling this.

Thanks in advance guys !


Newton

Hey Newton...welcome to Wilders! :)

Password policy is always an issue.
Once way to help keep it a little more secure if you do the "over-the-phone" method.

Call the user and then have the user do a call-back. This will ensure that the users are actually getting ahold of the correct people and not someone trying to phish for their password via phone call.

~my thoughts :)

Thanks Capp that's about where I'm at with this too.

I'm just wondering if there's a "best practice" loophole I'm missing.



Newton