Would a 'user must change PIN at first login' option be appropriate here?
On Jul 28, 2012, at 12:00 , Todd Hodgen wrote: > I believe the rule based password is not a bad idea. I don’t believe you > want a system configured with a rule base password, EXCEPT, at startup. If > you are rolling out a system, you need a method to train end users, and a > method of having them go back to their desk and log onto their new voicemail. > It should be changed immediately by that end user. If a voicemail gets > hacked because someone didn’t change their password – they own the > consequences. There comes a point where reasonable implementation > strategies and responsible stewardship of your own user account have to meet. > > From: [email protected] > [mailto:[email protected]] On Behalf Of Kurt Albershardt > Sent: Saturday, July 28, 2012 10:11 AM > To: Discussion list for users of sipXecs software > Subject: Re: [sipx-users] Default password / pin policy > > On Jul 28, 2012, at 6:32 , Mircea Carasel wrote: > > > As long as sipxecs/openuc doesn't ship with a well known default > password. Hackers would write scripts to test logins with those > passwords. If the feature didn't work until an admin specified a > default password, that would be fine. > Yes, so when sipxecs is shipped, there won't be any default password set. The > admin is the only that can specify the default password > When sipxecs is shipped, the default policy will be blank password (admin > will have to write passwords) > Other thing that we can do is to drop default password thing, and the default > password policy just to enable a rule of creating passwords, for example: > extension followed by character 0 up to 4 characters for voicemail pin, up to > 8 characters for password > > Rule-based defaults will still get hacked, even by casual users within the > organization. > > As long as the admin can define either a static or rule-based system default > I think this works.
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
