How do you distribute a new passwords?

Posted on 2013-01-28
Medium Priority
Last Modified: 2013-01-30
Not a very technical question.

Say you need to change the admin account's password, or a password to a critical app.
Two questions:
-how do you notify that you are going to change the pwd,
-and after you finish changing the password, how do you distribute the new password?

Please share your experiences, and advice.
Question by:Tiras25

Expert Comment

ID: 38829777
If you are changing any password: You said a mail like the admin accounts password is changing on so and so date and the password is like company name and your date of joining.
LVL 17

Author Comment

ID: 38831894
No idea what you talking about.
LVL 17

Expert Comment

ID: 38834061
Each admin should have their own credentials (username/password).

Then you may want to force each admin to change his/her password - but they should do it themselves, so that the password does not need to be distributed.
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

LVL 17

Author Comment

ID: 38834078
How about the app passwords?  Not ad authenticated.
LVL 18

Accepted Solution

Garry Glendown earned 500 total points
ID: 38834079
I would reckon this depends greatly on your organization - how many people are affected, where are they, do secured means of communication exist (in case of distributed locations where affected users are), ... when our company changes relevant passwords, we can tell everybody ...

As for information of a change of passwords, I would assume you already have some sort of mailing list or company-wide information/news tool. If not, check out some of the open source tools around ... we've started using OpenEMM to distribute maintenance information, using different fields to add the possibility of addressing certain people for a limited scope maintenance.

As for distributing the new password - for an organization with spread out personnel, of course some means of encrypted communication (e.g. PGP/GPG) would be ideal. Another possibility would be direct information of one relevant person per site (e.g. via phone), then have them redistribute the information to the relevant people at that site. Last thing that comes to mind - sealed envelope with the information, possibly by registered mail with personal delivery only.
LVL 52

Assisted Solution

by:Manpreet SIngh Khatra
Manpreet SIngh Khatra earned 500 total points
ID: 38834093
Firstly we have password that are difficult for anyone to anticipate something like $!US*2013#$ ...... no distribution using email or whatever just some method that others shouldnt be able to track .... like i have in my phone Notes\Drafts

- Rancy
LVL 17

Assisted Solution

pergr earned 500 total points
ID: 38834108
One option is to send passwords via SMS, but make sure you do not send the username too.

Anyway, that password should preferably have a short expiry, and the user should be forced to change it in the App.
LVL 27

Assisted Solution

Tolomir earned 500 total points
ID: 38834109
We use the password safe "keepass" a free opensource solution.

When I change a password, I inform all administrators by mail and point them to the password safe on a network share. Of cause this can also be dropbox.

The password of the safe would be distributed personally.


Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question