Which of the following is the BEST method to provide a new user with their initial password for email system access?

Which of the following is the BEST method to provide a new user with their initial password for email system access?

Which of the following is the BEST method to provide a new user with their initial password for email system access?

A.
Interoffice a system-generated complex password with 30 days expiration

B.
Give a dummy password over the telephone set for immediate expiration

C.
Require no password but force the user to set their own in 10 days

D.
Set initial password equal to the user ID with expiration in 30 days

Explanation:

Documenting the password on paper is not the best method even if sent through interoffice mail if
the password is complex and difficult to memorize, the user will likely keep the printed password
and this creates a security concern. A dummy (temporary) password that will need to be changed
upon first logon is the best method because it is reset immediately and replaced with the user’s
choice of password, which will make it easier for the user to remember. If it is given to the wrong
person, the legitimate user will likely notify security if still unable to access the system, so the
security risk is low. Setting an account with no initial password is a security concern even if it is
just for a few days. Choice D provides the greatest security threat because user IDs are typically
known by both users and security staff, thus compromising access for up to 30 days.



Leave a Reply 0

Your email address will not be published. Required fields are marked *