On Sat, Jul 28, 2012 at 10:51 PM, Kurt Albershardt <[email protected]> wrote:
> Would a 'user must change PIN at first login' option be appropriate here? > Yes, we have scheduled this for release 4.6.1 mircea > > > > On Jul 28, 2012, at 12:00 , Todd Hodgen wrote: > > I believe the rule based password is not a bad idea. I don’t believe you > want a system configured with a rule base password, EXCEPT, at startup. > If you are rolling out a system, you need a method to train end users, and > a method of having them go back to their desk and log onto their new > voicemail. It should be changed immediately by that end user. If a > voicemail gets hacked because someone didn’t change their password – they > own the consequences. There comes a point where reasonable implementation > strategies and responsible stewardship of your own user account have to > meet.**** > ** ** > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kurt Albershardt > *Sent:* Saturday, July 28, 2012 10:11 AM > *To:* Discussion list for users of sipXecs software > *Subject:* Re: [sipx-users] Default password / pin policy**** > ** ** > On Jul 28, 2012, at 6:32 , Mircea Carasel wrote:**** > > > **** > > As long as sipxecs/openuc doesn't ship with a well known default > password. Hackers would write scripts to test logins with those > passwords. If the feature didn't work until an admin specified a > default password, that would be fine.**** > > Yes, so when sipxecs is shipped, there won't be any default password set. > The admin is the only that can specify the default password **** > When sipxecs is shipped, the default policy will be blank password (admin > will have to write passwords)**** > Other thing that we can do is to drop default password thing, and the > default password policy just to enable a rule of creating passwords, for > example: extension followed by character 0 up to 4 characters for voicemail > pin, up to 8 characters for password**** > ** ** > Rule-based defaults will still get hacked, even by casual users within the > organization.**** > ** ** > As long as the admin can define either a static or rule-based system > default I think this works.**** > > > > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ >
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
