Network Security Security-Basics
Fwd: login sheets

Subject: Fwd: login sheets
Date: Wed, 3 Jan 2007 11:01:13 +0530
Hi!

I would suggest you write a 'Change Password' page for all four applications.
Ask the user to self-register with your system (the user provides his password).
Approve this request.
Redirect him to a page where he has to provide a new password for all
the four applications.
With this, the password is much safer, since even the administrator is
unaware of it.
Remember, as an administrator, if you know the passwords of business
users, you cannot claim 'non-repudiation'.

I know this solution requires some additional activities, but it is
worth doing.

Thanks,
-Babu.

On 2 Jan 2007 22:51:54 -0000, krymson@gmail.com <krymson@gmail.com> wrote:
I like that idea, and did this myself when I did desktop support. Don't make 
this task too hard, as it really is not.

Make up your sheet of passwords and deliver it to the new employee by hand. 
Don't keep your own copies either printed or electronic. If HR prefers, you can 
deliver it to HR to deliver to the user, but when it is your choice, hand 
deliver it to the user. Don't set it on the desk for their retrieval later, 
actually witness that they are in possession of it.

Mention both verbally and on this paper that the information is highly sensitive and 
private to them. Your policies should dictate rules about giving out account passwords, 
and accidentally "sharing" them via a sheet left in plain sight can be construed 
as breaking policy.

Set as many of those accounts as possible to require the user to change their password on the 
first logon.

Set as many of those accounts as possible to unique, stronger passwords. This banks on the habit that 
people don't change their passwords unless they need to. So don't let them keep 
"password" as their intranet account password for years. Also, don't use a predictable 
pattern like their start date and initials. If they lose it or you forget it, just 
remember you have the keys to change it to something else, so even you don't need to have 
it predictable.

Always stress that those sheets should not be stored very long. Use that 
opportunity (verbally or on the page again) to show them how to change their 
passwords, and how to properly dispose of a sheet like that (shredded or secure 
disposal bin).




<-snip-> Just wondering how people deal with giving new users their initial login details. Our users often have to know logins for four different systems in their first week and I wanted to give them a sheet with these details on them. Obviously each system will ask for a passphrase change when first logging in. Also, the sheet would have something along the lines of 'How to choose a strong passphrase that does not contain your cat's name or your favourite football team but is easy to remember'.

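As an added illustration (not code from either poster), here is a small Python model of the provisioning flow the thread describes: one random, unique initial password per system, the credential sheet produced once for hand delivery, the directory keeping only salted hashes (so the administrator holds no copy and the non-repudiation argument holds), and a must-change flag that makes the initial password usable only to set a new one. The four system names and the PBKDF2 parameters are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed list of the four systems a new hire needs in week one.
SYSTEMS = ("intranet", "email", "erp", "vpn")

# Alphabet without look-alike characters (0/O, 1/l/I): the sheet is read off paper.
ALPHABET = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def generate_initial_password(length: int = 14) -> str:
    """Cryptographically random; no start-date/initials pattern an outsider could guess."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def hash_password(password: str, salt: bytes) -> bytes:
    # Iteration count is an assumed example value, not a recommendation.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    must_change: bool = True  # initial password only good for setting a new one
    logins: int = 0


@dataclass
class Directory:
    """Holds salted hashes only: the admin never retains the cleartext sheet."""
    accounts: Dict[Tuple[str, str], Account] = field(default_factory=dict)

    def provision(self, user: str) -> Dict[str, str]:
        """Create one account per system; return the sheet handed to the user once."""
        sheet = {}
        for system in SYSTEMS:
            pw = generate_initial_password()
            salt = secrets.token_bytes(16)
            self.accounts[(system, user)] = Account(salt, hash_password(pw, salt))
            sheet[system] = pw
        return sheet  # the only place the cleartext exists

    def login(self, system: str, user: str, password: str,
              new_password: Optional[str] = None) -> bool:
        acct = self.accounts.get((system, user))
        if acct is None:
            return False
        if not hmac.compare_digest(acct.digest, hash_password(password, acct.salt)):
            return False
        if acct.must_change:
            # First logon: refuse unless a different new password is supplied.
            if not new_password or new_password == password:
                return False
            acct.salt = secrets.token_bytes(16)
            acct.digest = hash_password(new_password, acct.salt)
            acct.must_change = False
        acct.logins += 1
        return True


if __name__ == "__main__":
    d = Directory()
    sheet = d.provision("alice")
    print("sheet to hand-deliver:", sheet)
    print("login without changing:", d.login("intranet", "alice", sheet["intranet"]))
    print("login with new password:",
          d.login("intranet", "alice", sheet["intranet"], "a longer new passphrase"))
```

Once the sheet is returned from `provision`, nothing in the directory can reproduce it, which is the property both replies are after: the user is the only party who ever knew the final password, and the initial one stops working the moment it is used.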

