[TriLUG] Securely and Accurately transmit passwords

Chris Knowles chrisk at trilug.org
Mon Oct 1 14:39:24 EDT 2007 

Oh yeah, that's ALWAYS an option.

Mainly I was just interested in what the Luggers were doing in similar
situations.

CJK

On Mon, 2007-10-01 at 14:35 -0400, William Sutton wrote:
> How complex of a password are we talking about here?  I'm curious if, even 
> *IF* you implement a secure password transmission system, they still won't 
> just copy them down onto a sticky note and afix it to their monitors.
> 
> William Sutton
> 
> 
> On Mon, 1 Oct 2007, Chris Knowles wrote:
> 
> > Let's assume no.
> >
> > Also, we looked at something like keepass.  (Actually we looked at
> > PasswordSafe), but then the question is, how do we get them the password
> > to decrypt the database?
> >
> > (The systems in question are old/odd enough to not interoperate with any
> > generalized LDAP/SSI type solution)
> >
> > CJK
> >
> >
> >
> > On Mon, 2007-10-01 at 14:21 -0400, William Sutton wrote:
> >> I have to ask this....can you not provide them with some sort of key
> >> authentication mechanism?
> >>
> >> William Sutton
> >>
> >>
> >> On Mon, 1 Oct 2007, Chris Knowles wrote:
> >>
> >>> Seeking advice, anecdotes, ideas...
> >>>
> >>> Here's my situation.  I have a pool of 20+ people that are off-site.
> >>>
> >>> I occasionally have need of communicating to them system password
> >>> changes.
> >>>
> >>> In the past, we've sent them cards with the passwords printed on them,
> >>> with admonishments to destroy cards after the item has been committed to
> >>> memory.
> >>>
> >>> Recently we've started seeing that they've taken these cards, taped them
> >>> into their laptops in plain sight.  (And occasionally annotated them
> >>> with much too much information as to what that password would buy you.)
> >>>
> >>> Since the passwords are complex, phone conversations tend to lead to a
> >>> lot of phonetic spelling and shouting.
> >>>
> >>> Since the some of users have POP accounts for their e-mail I don't want
> >>> to use e-mail as a secure method of sending them passwords..
> >>>
> >>> So, what do *you* use for password distribution?
> >>>
> >>> CJK
> >>>
> >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20071001/f7180e0c/attachment.pgp>

More information about the TriLUG mailing list