[TriLUG] Securely and Accurately transmit passwords

William Sutton william at trilug.org
Mon Oct 1 14:42:14 EDT 2007 

Then may I suggest cutting off segments of fingers until they get the 
message?

William Sutton


On Mon, 1 Oct 2007, Chris Knowles wrote:

> Oh yeah, that's ALWAYS an option.
>
> Mainly I was just interested in what the Luggers were doing in similar
> situations.
>
> CJK
>
> On Mon, 2007-10-01 at 14:35 -0400, William Sutton wrote:
>> How complex of a password are we talking about here?  I'm curious if, even
>> *IF* you implement a secure password transmission system, they still won't
>> just copy them down onto a sticky note and afix it to their monitors.
>>
>> William Sutton
>>
>>
>> On Mon, 1 Oct 2007, Chris Knowles wrote:
>>
>>> Let's assume no.
>>>
>>> Also, we looked at something like keepass.  (Actually we looked at
>>> PasswordSafe), but then the question is, how do we get them the password
>>> to decrypt the database?
>>>
>>> (The systems in question are old/odd enough to not interoperate with any
>>> generalized LDAP/SSI type solution)
>>>
>>> CJK
>>>
>>>
>>>
>>> On Mon, 2007-10-01 at 14:21 -0400, William Sutton wrote:
>>>> I have to ask this....can you not provide them with some sort of key
>>>> authentication mechanism?
>>>>
>>>> William Sutton
>>>>
>>>>
>>>> On Mon, 1 Oct 2007, Chris Knowles wrote:
>>>>
>>>>> Seeking advice, anecdotes, ideas...
>>>>>
>>>>> Here's my situation.  I have a pool of 20+ people that are off-site.
>>>>>
>>>>> I occasionally have need of communicating to them system password
>>>>> changes.
>>>>>
>>>>> In the past, we've sent them cards with the passwords printed on them,
>>>>> with admonishments to destroy cards after the item has been committed to
>>>>> memory.
>>>>>
>>>>> Recently we've started seeing that they've taken these cards, taped them
>>>>> into their laptops in plain sight.  (And occasionally annotated them
>>>>> with much too much information as to what that password would buy you.)
>>>>>
>>>>> Since the passwords are complex, phone conversations tend to lead to a
>>>>> lot of phonetic spelling and shouting.
>>>>>
>>>>> Since the some of users have POP accounts for their e-mail I don't want
>>>>> to use e-mail as a secure method of sending them passwords..
>>>>>
>>>>> So, what do *you* use for password distribution?
>>>>>
>>>>> CJK
>>>>>
>>>
>

More information about the TriLUG mailing list