Password Distribution Best Practice

Discussion in 'other security issues & news' started by Newton, Aug 16, 2005.

Thread Status:
Not open for further replies.
  1. Newton

    Newton Registered Member

    Joined:
    Aug 16, 2005
    Posts:
    2
    I work at a mid-sized company that has several hundred users scattered around the US in different locations and we have the usual password issues associated with terminated employees, new users, and re-sets all clogging up the Help Desk lines.

    Thing is, just how should we be notifying users of their new (or re-set) passwords. E-Mail obviously won't work for Network layer or E-Mail account (obviously) passwords, so is verbal notification ok following verification of user identity?

    Just how should we be handling this.

    Thanks in advance guys !


    Newton
     
  2. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Hey Newton...welcome to Wilders! :)

    Password policy is always an issue.
    Once way to help keep it a little more secure if you do the "over-the-phone" method.

    Call the user and then have the user do a call-back. This will ensure that the users are actually getting ahold of the correct people and not someone trying to phish for their password via phone call.

    ~my thoughts :)
     
  3. Newton

    Newton Registered Member

    Joined:
    Aug 16, 2005
    Posts:
    2
    Thanks Capp that's about where I'm at with this too.

    I'm just wondering if there's a "best practice" loophole I'm missing.



    Newton
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.