|
Security Basics
mailing list archives
Re: secure password communication
From: "adeel hussain" <ad33lh () gmail com>
Date: Mon, 22 Dec 2008 10:27:07 -0500
Hello Ron, Everyone,
The most commonly accepted method I have seen and implemented is to
issue the passwords to a password protected voicemail (preferably on
the companies own voice network but could be done to a known alternate
phone number). This provides the out of band communication and
authentication required to adequately secure the password without
incurring undue time, expense or complexity.
With this system the userID should not be listed in the voicemail.
This then necessitates the compromise, or administrative control, of
two systems (voice mail and email) by a single person or group.
Hope this helps.
Adeel
On Mon, Dec 22, 2008 at 12:34 AM, <sfmailsbm () gmail com> wrote:
Dear List,
we need to communicate first-time application passwords to remote users; wanted to know what are the practices
implemented out there to ensure that password is communicated in a secure, fast, cost-effective way
encrypted mails is not feasible for the time being, printing PIN Mailers and sending by post will be too lengthy
any ideas will be appreciated
many thanks,
Ron
 By Date 
By Thread
Current thread:
|
Intro
