• Subject: RE: How to preserve password change date
  • From: "Kahn, David (kahn)" <KAHN@xxxxxxxxxxxxxxxxxx>
  • Date: Thu, 20 Nov 1997 07:36:26 +0500

Eric,

Yes indeed; the weakest link in the chain. I know what I would have done
in this situation, but what did you do?

Dave Kahn, TCO, Kazakstan
=========

kahn@tengizchevroil.com   (to November 25)
dkahn@cix.compulink.co.uk (from November 26)

>-----Original Message-----
>From:  Kempter, Eric [SMTP:EKempter@smsocs.com]
>Sent:  Wednesday, 19 November, 1997 22:36
>To:    'midrange-l@midrange.com'
>Subject:       RE: How to preserve password change date
>
>
>At a former position, we had a security procedure very similar to the one   
>that Dave describes.  When a new user profile is set up, the profile is   
>set up as expired so that the user must change their password when they   
>initially sign on.   This way the user should be the only one that knows   
>their password.  I was relatively certain that our security integrity was   
>intact until one day.
>I was showing a new employee and their supervisor how to change their   
>password on a new profile.  Everything went smoothly, the supervisor and   
>I both looked away as the user entered and confirmed their new password.   
> As I was walking away, I heard the supervisor ask the new employee what   
>their password was.  I returned and asked the supervisor why she wanted   
>to know.  It turned out that the supervisor required all of her employees   
>to give her their password so that she could access their e-mail if they   
>called in sick.  She then proceeded to show me her list of names and   
>passwords for every person in customer service (25 people at the time).   
> She was also telling her employees where this list was kept in case they   
>forgot their password and needed to look it up.  Talk about your security   
>holes!
>
>
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to "MIDRANGE-L@midrange.com".
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---


This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].