[TriLUG] Securely and Accurately transmit passwords
Chris Knowles
chrisk at trilug.org
Mon Oct 1 14:27:29 EDT 2007
Let's assume no.
Also, we looked at something like keepass. (Actually we looked at
PasswordSafe), but then the question is, how do we get them the password
to decrypt the database?
(The systems in question are old/odd enough to not interoperate with any
generalized LDAP/SSI type solution)
CJK
On Mon, 2007-10-01 at 14:21 -0400, William Sutton wrote:
> I have to ask this....can you not provide them with some sort of key
> authentication mechanism?
>
> William Sutton
>
>
> On Mon, 1 Oct 2007, Chris Knowles wrote:
>
> > Seeking advice, anecdotes, ideas...
> >
> > Here's my situation. I have a pool of 20+ people that are off-site.
> >
> > I occasionally have need of communicating to them system password
> > changes.
> >
> > In the past, we've sent them cards with the passwords printed on them,
> > with admonishments to destroy cards after the item has been committed to
> > memory.
> >
> > Recently we've started seeing that they've taken these cards, taped them
> > into their laptops in plain sight. (And occasionally annotated them
> > with much too much information as to what that password would buy you.)
> >
> > Since the passwords are complex, phone conversations tend to lead to a
> > lot of phonetic spelling and shouting.
> >
> > Since the some of users have POP accounts for their e-mail I don't want
> > to use e-mail as a secure method of sending them passwords..
> >
> > So, what do *you* use for password distribution?
> >
> > CJK
> >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20071001/695db81c/attachment.pgp>
More information about the TriLUG
mailing list