[IxDA Discuss] FW: how to treat passwords when creating a new user

Gil Barros gil.barros at formato.com.br
Fri Feb 2 12:19:06 PST 2007


Dante and Jim,

Dante Murphy wrote (31.01.07 13:56):
> Go with option 2, and make the password something that the employee will 
> easily know/recall but has some measure of uniqueness or security.  Many 
> similar systems in the US assign the last 4 digits of the employee's SSN as a
> temporary password, perhaps there is a similar number you could use.

SSN is an interesting idea, since there's a similar number.


Jim Drew wrote (31.01.07 18:25):
> I've usually seen a bridge of #2 and #3: the account gets created with a
> default password -- typically the same one for every new account on the
> system -- and the user is required to change the password on first sign in.
> This way you have the security of there being *some* password in case the
> user doesn't access it the moment the account is created, but the user is not
> allowed to keep that default password since everyone else knows it, too.

We did think about this option, actually.

The reason we're trying to avoid it is because we have some operators with very
little computer literacy and the "new password on 1st login" operation might be
a problem right on first contact.

On the current system they don't have username and password, it's just an "open"
system (the equipment is in a controlled area already).


> Better still is if you can have all your systems tied into a central network
> password, so the new user sets his password for e-mail and then has it
> automatically updated for all the other systems, and he doesn't have to
> remember a dozen different passwords throughout the system.

Yes, usernames and passwords are system-wide, and it was a usability requirement ;-)


Thanks for the input,
Gil.


