Password Distribution Best Practice

Discussion in 'other security issues & news' started by Newton, Aug 16, 2005.

Thread Status:
Not open for further replies.
  1. Newton

    Newton Registered Member

    Joined:
    Aug 16, 2005
    Posts:
    2
    I work at a mid-sized company that has several hundred users scattered around the US in different locations and we have the usual password issues associated with terminated employees, new users, and re-sets all clogging up the Help Desk lines.

    Thing is, just how should we be notifying users of their new (or re-set) passwords. E-Mail obviously won't work for Network layer or E-Mail account (obviously) passwords, so is verbal notification ok following verification of user identity?

    Just how should we be handling this.

    Thanks in advance guys !


    Newton
     
  2. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Hey Newton...welcome to Wilders! :)

    Password policy is always an issue.
    Once way to help keep it a little more secure if you do the "over-the-phone" method.

    Call the user and then have the user do a call-back. This will ensure that the users are actually getting ahold of the correct people and not someone trying to phish for their password via phone call.

    ~my thoughts :)
     
  3. Newton

    Newton Registered Member

    Joined:
    Aug 16, 2005
    Posts:
    2
    Thanks Capp that's about where I'm at with this too.

    I'm just wondering if there's a "best practice" loophole I'm missing.



    Newton
     
Loading...
Thread Status:
Not open for further replies.