how to treat passwords when creating a new user

31 Jan 2007 - 9:00am
Gil Barros
2006

Hi all,

I'm working on a project where one user creates the accounts for several other
users (typically one manager to 4 to 20 operators). It's an equipment (not
office environment, not web) and the operators may have only a numeric keypad.

We've seen 3 options so far:

1. When the manager creates an account, he also creates a password for that
user. It's up to the manager/operator relationship to make that the real
password or to require the operator to change it (the system won't care about it).

2. When the manager creates an account, it already has a default password, and
the user should change it on first use (but not required to).

3. When the manager creates an account, it doesn't have a password, and the 1st
thing that happens when this user logs in for the first time is the process of
creating a password.

We're leaning towards the 1st option but it has its problems. Does someone know
of a better way to do this?

Thanks!
Gil.

Comments

31 Jan 2007 - 10:56am
Dante Murphy
2006

Go with option 2, and make the password something that the employee will
easily know/recall but has some measure of uniqueness or security. Many
similar systems in the US assign the last 4 digits of the employee's SSN
as a temporary password, perhaps there is a similar number you could
use.

_______________________________________
Dante Murphy | Director of Information Architecture
Medical Broadcasting Company | A D I G I T A S INC. COMPANY

31 Jan 2007 - 3:25pm
cfmdesigns
2004

>From: Gil Barros <gil.barros at formato.com.br>
>
>2. When the manager creates an account, it already has a default password, and
>the user should change it on first use (but not required to).
>
>3. When the manager creates an account, it doesn't have a password, and the 1st
>thing that happens when this user logs in for the first time is the process of
>creating a password.
>
>
>We're leaning towards the 1st option but it has it's problems. Does someone know
>of a better way to do this?

I've usually seen a bridge of #2 and #3: the account gets created with a default password -- typically the same one for every new account on the system -- and the user is required to change the password on first sign in. This way you have the security of there being *some* password in case the user doesn't access it the moment the account is created, but the user is not allowed to keep that default password since everyone else knows it, too.

Better still is if you can have all your systems tied into a central network password, so the new user sets his password for e-mail and then has it automatically updated for all the other systems, and he doesn't have to remember a dozen different passwords throughout the system.

-- Jim

2 Feb 2007 - 3:19pm
Gil Barros
2006

Dante and Jim,

Dante Murphy wrote (31.01.07 13:56):
> Go with option 2, and make the password something that the employee will
> easily know/recall but has some measure of uniqueness or security. Many
> similar systems in the US assign the last 4 digits of the employee's SSN as a
> temporary password, perhaps there is a similar number you could use.

SSN is an interesting idea, since there's a similar number.

Jim Drew wrote (31.01.07 18:25):
> I've usually seen a bridge of #2 and #3: the account gets created with a
> default password -- typically the same one for every new account on the
> system -- and the user is required to change the password on first sign in.
> This way you have the security of there being *some* password in case the
> user doesn't access it the moment the account is created, but the user is not
> allowed to keep that default password since everyone else knows it, too.

We did think about this option, actually.

The reason we're trying to avoid it is because we have some operators with very
little computer literacy and the "new password on 1st login" operation might be
a problem right on first contact.

On the current system they don't have username and password, it's just an "open"
system (the equipment is in a controlled area already).

> Better still is if you can have all your systems tied into a central network
> password, so the new user sets his password for e-mail and then has it
> automatically updated for all the other systems, and he doesn't have to
> remember a dozen different passwords throughout the system.

Yes, usernames and passwords are system-wide, and it was a usability requirement ;-)

Thanks for the input,
Gil.

2 Feb 2007 - 3:43pm
Mark Canlas
2003

What exactly is the problem in question? Also, is the manager always
creating these accounts in bulk, or is this something that will happen only
when there are new operators (assuming once in bulk when the system is first
set up)?

What you could do is the Wordpress way (and I'm sure in many others) of
generating a random password for each user every time an account is created.
That way the system isn't vulnerable to opportunistic use of the skeleton
password.

-Mark

5 Feb 2007 - 1:17pm
Josh
2006

There are a couple concerns that might be relevant.

1. I recommend against number 1 for security reasons. We've run into
circumstances with security auditors where one of their top concerns was
login security and having access to passwords by a manager or account
administrator was a problem. There really isn't any reason anyone should
have access to someone else's login credentials.

Have you considered a process where a manager creates an account for an
operator without a password? The operator receives a notification that an
account has been created for them maybe via email or on a post-it note. When
the operator enters the system, the system knows which operator it is (web
this can be done by specific links generated, not sure how to do this when
not web-based) and prompts them to create a password and confirm it. This
way you solve the problem of manager interaction with login credentials and
you don't have to create a default.

Have you considered not using password authentication?

- Josh Viney
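The combination the replies converge on, as an added example that is not code from any poster: Mark's per-account random temporary credential, Jim's forced change on first sign-in, and Josh's point that the manager never holds the operator's final credential. It assumes Python, an in-memory store, and a digit-only PIN because the operators may have only a numeric keypad.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000  # assumption: tuned to the equipment's CPU budget


def _hash_pin(pin: str, salt: bytes) -> bytes:
    # Only a salted, stretched hash is ever stored; the PIN itself is not kept.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    username: str
    salt: bytes
    pin_hash: bytes
    must_change: bool = True  # set at creation, cleared by the operator's own change


@dataclass
class AccountStore:
    accounts: dict = field(default_factory=dict)

    def create(self, username: str, pin_length: int = 6) -> str:
        """Manager creates the account; the one-time PIN is returned exactly once."""
        if username in self.accounts:
            raise ValueError("account already exists")
        temp_pin = "".join(secrets.choice("0123456789") for _ in range(pin_length))
        salt = secrets.token_bytes(16)
        self.accounts[username] = Account(username, salt, _hash_pin(temp_pin, salt))
        return temp_pin  # handed to the operator; a different value for every account

    def _verify(self, acct: Account, pin: str) -> bool:
        return hmac.compare_digest(_hash_pin(pin, acct.salt), acct.pin_hash)

    def login(self, username: str, pin: str) -> str:
        acct = self.accounts.get(username)
        if acct is None or not self._verify(acct, pin):
            return "denied"
        # Temporary PIN is accepted only to reach the change-PIN step, never for work.
        return "change_required" if acct.must_change else "ok"

    def change_pin(self, username: str, old_pin: str, new_pin: str) -> bool:
        acct = self.accounts.get(username)
        if acct is None or not self._verify(acct, old_pin):
            return False
        # Keypad-friendly rule: digits only, minimum length, and not the temporary PIN.
        if not new_pin.isdigit() or len(new_pin) < 4 or new_pin == old_pin:
            return False
        acct.salt = secrets.token_bytes(16)
        acct.pin_hash = _hash_pin(new_pin, acct.salt)
        acct.must_change = False
        return True
```

Because the manager only ever sees the temporary PIN and the store holds hashes, nobody but the operator knows the PIN in use after the first sign-in.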