C
C
caesar-neron2019-07-03 11:54:32
System administration
caesar-neron, 2019-07-03 11:54:32

How to share passwords with employees?

Colleagues, good afternoon.
I would like to discuss with you a way to transfer confidential information to company employees, first of all - account passwords.
Description: the organization has a distributed structure, hundreds of employees work outside the central office, therefore, passwords will have to be transferred to them remotely.
Standard situations:
1) a new employee - his manager makes an application to the IT department to create an account, as a rule, he informs the contact phone number of the new employee.
What communication channels are best used to transfer the login/password? (you need to take into account that not all employees will have access to the Internet)
2) current employee - there is an appeal to the IT department of the format: "... I am Petrov I.A., I forgot my password"
How should a system administrator identify a person who calls him and claims to be Petrov? Theoretically, the system administrator may have access to the personal data of employees (phone, passport)

Answer the question

In order to leave comments, you need to log in

9 answer(s)
S
Saboteur, 2019-07-03
@caesar-neron

1. Always send a temporary password with an automatic requirement to change the password at the first login.
2. You can transfer the password through a trusted person.
This can be the immediate supervisor of the employee, or a separate "security sponsor" - select several people so that there are 1-2 security sponsors in each location who could personally meet with the employee to transfer the password.
3. It is technically possible - to register an employee's phone number, his external mail. But this is only for the main password (login to the domain / mail). To increase security, you can divide the password into two parts, send half to the mail / phone, half through the manager / HR.
4. If this is a password from secondary systems, then you can send a temporary password to corporate mail.

R
Ronald McDonald, 2019-07-03
@Zoominger

First of all - passwords from accounts.

Either personally or through the head, and there are already his problems.
Through the hands of the driver, again, he confirms the application.
Yes, I forgot to clarify that the password is temporary and changes at the first login.

Z
ZakkMalin, 2019-07-03
@ZakkMalin

By SMS a short link to the leading page to create a password

P
Pavel Shvedov, 2019-07-03
@mmmaaak

One part of the password in SMS, the second part by email, the third honor on a piece of paper by registered mail.

S
sim3x, 2019-07-03
@sim3x

1. Video call.
The leader along with the employee. There
, the employee reports his phone number and his email on a reliable service
His supervisor confirms
The employee creates an account with his email and phone number
The employee enters the email into your authorization service receives an SMS with a code enters your system and creates a password
when his phone or mail has changed
Again, with the participation of his boss
Everything is as in p1
In the case I forgot the password - the employee goes to your authorization service and receives a link to his mail with a password recovery form, in which he also needs to enter a code from SMS

Theoretically, the system administrator may have access to the personal data of employees (phone, passport)
No

S
Stalker_RED, 2019-07-03
@Stalker_RED

The user is given a link, he registers on it.
Enters his contacts, public key, etc.
Why does the manager (administrator, security officer) check the profile and give him rights, assign roles, that's all.
After obtaining the necessary roles, the user sees in his personal account the addresses of services, balls, servers, databases, and everything that he has access to.
I've never seen this in practice, but it's cool, isn't it?

A
Artem @Jump, 2019-07-03
Tag

As a rule, only the employee should know the password, and no one else.
Therefore, it is necessary to provide the user with the opportunity to create passwords for himself.
And you don't have to send anything.
If it is transmitted, then only a temporary password for the first login, and even then it is not necessary.

M
Maxim Korneev, 2019-07-04
@MaxLK

all new to create a certain standard password that is known to everyone and can be issued immediately upon employment. change it on first login. as an option, the "standard" password is made only for the account and mail with the requirement to change it at the first login, then the passwords are sent to the mail.

K
Karpion, 2020-01-05
@Karpion

You can consider the option - the password is issued / changed by the head of the department.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question