• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 446
  • Last Modified:

How do you distribute a new passwords?

Not a very technical question.

Say you need to change the admin account's password, or a password to a critical app.
Two questions:
-how do you notify that you are going to change the pwd,
-and after you finish changing the password, how do you distribute the new password?

Please share your experiences, and advice.
4 Solutions
If you are changing any password: You said a mail like the admin accounts password is changing on so and so date and the password is like company name and your date of joining.
Tiras25Author Commented:
No idea what you talking about.
Each admin should have their own credentials (username/password).

Then you may want to force each admin to change his/her password - but they should do it themselves, so that the password does not need to be distributed.
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Tiras25Author Commented:
How about the app passwords?  Not ad authenticated.
Garry GlendownConsulting and Network/Security SpecialistCommented:
I would reckon this depends greatly on your organization - how many people are affected, where are they, do secured means of communication exist (in case of distributed locations where affected users are), ... when our company changes relevant passwords, we can tell everybody ...

As for information of a change of passwords, I would assume you already have some sort of mailing list or company-wide information/news tool. If not, check out some of the open source tools around ... we've started using OpenEMM to distribute maintenance information, using different fields to add the possibility of addressing certain people for a limited scope maintenance.

As for distributing the new password - for an organization with spread out personnel, of course some means of encrypted communication (e.g. PGP/GPG) would be ideal. Another possibility would be direct information of one relevant person per site (e.g. via phone), then have them redistribute the information to the relevant people at that site. Last thing that comes to mind - sealed envelope with the information, possibly by registered mail with personal delivery only.
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Firstly we have password that are difficult for anyone to anticipate something like $!US*2013#$ ...... no distribution using email or whatever just some method that others shouldnt be able to track .... like i have in my phone Notes\Drafts

- Rancy
One option is to send passwords via SMS, but make sure you do not send the username too.

Anyway, that password should preferably have a short expiry, and the user should be forced to change it in the App.
We use the password safe "keepass" a free opensource solution.

When I change a password, I inform all administrators by mail and point them to the password safe on a network share. Of cause this can also be dropbox.

The password of the safe would be distributed personally.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now