× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.




I agree with that assesment. If both users are comfortable with those
situations, then that's their business, but they should be aware and accept
that risk.

I had worked with an IBM optical tech (a younger one) at one point on a
problem and had given (via a phone call) her a SECOFR level IBM support
signon when she was working on an in depth issue. When she tried it and it
didn't work (she typed it wrong), she emailed me to say 'the support
password ABCDE didn't work'. Why she had to include the actual password in
the email was lost on me... I was pretty upset.




"Jim Franz"
<franz400@xxxxxxx
r.com> To
Sent by: "Midrange Systems Technical
midrange-l-bounce Discussion"
s@xxxxxxxxxxxx <midrange-l@xxxxxxxxxxxx>
cc

10/08/2008 10:44 Subject
AM Re: Passwords in emails


Please respond to
Midrange Systems
Technical
Discussion
<midrange-l@midra
nge.com>






I can't specify a written standard - but that email will reside in multiple

email servers, pass thru servers you have no control over, plus the user's
pc for a long time, even if email deleted.
I would not do it. If doing a pwd that is set to *expired so they have to
change it, cannot use same pwd over again (read that in PCI compliance
stuff).
I have seen people use a sentence to describe what an expired password is
set to - like :

Last letter of your 1st name plus
last 4 digits of your social sec# plus
your birth month (2 digits) plus
the digits 577 (this is random#)

I would then keep a list of records sent, and if not signed on within 24
hours, disable the account. Not sure this is any standard, but have seen in

several places.

Jim Franz

----- Original Message -----
From: "Burns, Bryan" <Bryan_Burns@xxxxxxxxxxxx>
To: <MIDRANGE-L@xxxxxxxxxxxx>
Sent: Wednesday, October 08, 2008 10:08 AM
Subject: Passwords in emails


What kind of risk do we take if I email an iSeries password to a remote
user using my Microsoft Outlook client? Is this forbidden by any
standards being that it's clear text?

Bryan Burns
iSeries Specialist
ECHO, Incorporated
Lake Zurich, Illinois

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.




--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


_____________________________________________________________________________

Scanned by IBM Email Security Management Services powered by MessageLabs.
For more information please visit http://www.ers.ibm.com
_____________________________________________________________________________


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.