Passwords

0 pts.
Tags:
Access control
Application security
backdoors
Biometrics
Browsers
Business/IT alignment
Compliance
configuration
CRM
Current threats
Database
Digital certificates
Disaster Recovery
Encryption
Exchange security
filtering
Firewalls
Forensics
Hacking
human factors
Identity & Access Management
Incident response
Instant Messaging
Intrusion management
Microsoft Exchange
Network security
patching
PEN testing
Platform Security
Policies
provisioning
Risk management
Secure Coding
Security
Security Program Management
Security tokens
Servers
Single sign-on
Spyware
SSL/TLS
Trojans
Viruses
VPN
vulnerability management
Web security
Wireless
worms
Hi all, What do you recommend for initial password issue, that is, provided a new user with a password for the first time without compromising it. I find the entire help desk giving password initially or sysadmins doing that is not save enough even though the user will be prompted to change it at first log on. Cheers
ASKED: July 4, 2006  8:11 AM
UPDATED: November 24, 2007  6:27 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

There is nothing wrong with giving a user a password for the first time. Its a requirement. What you have to do is standardize the password for all new users eg password1$ for all new account. Its safe enough

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Wrobinson
    This is a question of how user provisioning takes place in your oganization and determining the most efficient and secure procedure for issuing the initial password. When a user account is created, a password must be entered; this is done by whoever creates the account. There are a few things that you can do: 1. Use a default password or set of passwords 2. Use a unique, randomly generated password using a a utility If the account is created in advance, then it should be disabled until the user is ready to logon for the first time. You can also setup auditing and alerting to detect if and when disabled accounts are enabled and/or used to logon. Example random password generators: http://www.pctools.com/guides/password/ http://www.thebitmill.com/tools/password.html http://www.goodpassword.com/index.htm There are a lot more on the Internet. Good luck and remember to have fun!
    5,625 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following