Security Basics mailing list archives

RE: Password communication


From: "Nick Duda" <nduda () VistaPrint com>
Date: Thu, 3 Jan 2008 11:52:01 -0500

Telephone is the best choice there... to say it's insecure isn't true. If it was secure then financial institutions would not use it for service. They put in place a compensation control for it, like asking information from your credit report... think of a compensation control that is specific to your business.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of pepsdiaz () gmail com
Sent: Thursday, January 03, 2008 4:09 AM
To: security-basics () securityfocus com
Subject: Password communication

Dear all,
 
We are trying to implement a password policy in our Organization and we have some doubts when distributing the password to all the employees. I would like to know which is the best way to communicate the new password when the user blocks/forgets his password.
 
1) We don't want to use an envelope because it takes a long time.
 
2) Telephone is insecure, how to authenticate the user?
 
3) Email is also insecure...
 
4) PKI... expensive?
 
Thanks to all in advance.

