[TriLUG] Securely and Accurately transmit passwords
William Sutton
william at trilug.org
Mon Oct 1 14:35:55 EDT 2007
How complex of a password are we talking about here? I'm curious if, even
*IF* you implement a secure password transmission system, they still won't
just copy them down onto a sticky note and afix it to their monitors.
William Sutton
On Mon, 1 Oct 2007, Chris Knowles wrote:
> Let's assume no.
>
> Also, we looked at something like keepass. (Actually we looked at
> PasswordSafe), but then the question is, how do we get them the password
> to decrypt the database?
>
> (The systems in question are old/odd enough to not interoperate with any
> generalized LDAP/SSI type solution)
>
> CJK
>
>
>
> On Mon, 2007-10-01 at 14:21 -0400, William Sutton wrote:
>> I have to ask this....can you not provide them with some sort of key
>> authentication mechanism?
>>
>> William Sutton
>>
>>
>> On Mon, 1 Oct 2007, Chris Knowles wrote:
>>
>>> Seeking advice, anecdotes, ideas...
>>>
>>> Here's my situation. I have a pool of 20+ people that are off-site.
>>>
>>> I occasionally have need of communicating to them system password
>>> changes.
>>>
>>> In the past, we've sent them cards with the passwords printed on them,
>>> with admonishments to destroy cards after the item has been committed to
>>> memory.
>>>
>>> Recently we've started seeing that they've taken these cards, taped them
>>> into their laptops in plain sight. (And occasionally annotated them
>>> with much too much information as to what that password would buy you.)
>>>
>>> Since the passwords are complex, phone conversations tend to lead to a
>>> lot of phonetic spelling and shouting.
>>>
>>> Since the some of users have POP accounts for their e-mail I don't want
>>> to use e-mail as a secure method of sending them passwords..
>>>
>>> So, what do *you* use for password distribution?
>>>
>>> CJK
>>>
>
More information about the TriLUG
mailing list