Looking for ideas! Has anyone come up with interesting solutions to securely share (or setup) user passwords on Day 1 of their joining the enterprise? Apart from the usual yellow post-it notes with pwds stuck to the laptop or emails to your manager or worse standard fixed passwords such as Welcome@123 😜

like
Posting as :
works at
You are currently posting as works at

How secure do you want to get here? Are we talking sending along a biometric encrypted thumb drive with the device that allows end user to access a private RSA key that's used for temporarily unlocking the device and unlocking a password manager on that device?

Or something like the above but sending something along like a FIPS enabled yubikey for more of a hardware token approach? For more security - mail each item separately - overnight on different days from different addresses? I actually really like this option lol.

Or are we talking about something more like having the user call into Tech Support when they get their device and having Tech Support provide a one time token over the phone? Enabling end user to access a "set your password" screen?

Or are we talking have the end user drive down to office A, enter a faraday shielded room, where they're provided the laptop and are prompted to set the password? Instruct end user that upon leaving the secure room, to connect to the internal-only sandboxed network so the computer can push the new password to the AD servers.

Lots of possible solutions with varying degrees of complexity and security. I think most places just send printed instructions for setting up the laptop with a temporary password with the laptop to the end user. If I wanted a secure means to do this but wasn't worried about Government secrets or anything of that nature - just every day employee on boarding - I'd totally go the yubikey route. Best security to effort to cost ratio.

like

lol it's all good. Yeah, I think yubikey could be a good solution for what you're looking for. Take a look at their documentation to see if it matches up with what you need. The beauty there is that it doubles as an MFA hardware token so your employees can continue using it - it's not one and done. Another option is RSA tokens, but those tend to be more expensive and don't always have the best integration records.

Just remember - mail the yubikey separately. Maybe before the password. Overnight the yubikey with a welcome packet ("This is your MFA hardware that you'll use to activate your laptop which should arrive tomorrow! blah blah blah, here's some complimentary merch, welcome to the team!") And overnight the laptop the next day. Super simple. Super secure.

Related Posts

My inboard portal is showing wrong dob and phone number and i m recieving mails to complete the document process plus the hr is not responding to my mails or calls. Should I submit the documents or wait for them to respond??

like

Do you know what is the salary range for a Senior Manager II at Walmart Home Office?

like

Hello fishes,
I'm looking for referrals for QA lead role in Bangalore. Kindly DM me if you have any. Thanks..

like

Hello Folks,
Can someone please let me know , what will be the basic package for Account specialist / account manager in Advertising ?

like
like

Hi can we check PMR in workday ?

like

I ordered dinner with wine at the airport. They brought me two glasses. Said it was my lucky day.

I deserved it anyway

like

Hi ! DOES ANYONE HAS CONTACT OF GENUINE CAREER COUNSELLORS FOR MASTERS ? PLEASE PLEASE

like

I’d love to work in a Blockchain related project in the future and just have a fundamental idea of it. What would you guys recommend? Any MOOC or certification in particular

like

I need some career advice. I finished my master's degree in international law (B.A.Sc international relations) but I am not sure where to go from here. I always wanted to join a big firm and I've applied to different vacancies in international firms/companies but got rejected from all of them.
Does anyone have any tips on certain job positions or companies where an LLM would prove to be useful with my background?
I'm starting to feel quite stuck in this situation and it's very demoralising.

like

Struggling with a decision. Just started a new role with good manager and WLB within healthcare technology. But another large tech firm/cloud/software reached out and willing to pay 20% more. Not sure what the WLF is for this other role. Should I take the better paying role?

like

I was interviewed for a perticular customer, which went well and also received an offer. Few days before of my joining date, i came to know that the technology stack from customer got changed and customer had no requirement for which i was hired. However parent company still hired me and now they're in process of allocating me in some other clients. Sometimes i feel insecure about this situation. How to cope up with such cases?

like

My bank makes you fill out a form if you want to work in the office for each individual day. It’s largely empty from what I hear. What are the risks if I were to go in and “borrow” an office chair for my new apt? How about a monitor?

funnylike
like

I'm 40F. Any point to my being in this bowl? Not being facetious, just see a lot of chat here and in the WhatsApp group about how the people in their early 30s are old, so don't want to waste my or anyone else's time...

like

Has anyone ever asked to renegotiate their salary after starting a job? I’m 2 months into my new job and I have far more responsibilities than what I was told. It’s a lot different than what was relayed in the posting and during the interviews. Additionally, they hired my counter part in as a senior manager which is at least $30k more than what I make. My peer has more experience so I expect that but I feel that I should be paid more, however I don’t want to leave a bad impression… any advice?

like

Since we're headed towards cold weather and the holiday season, let's talk about how we can take care of ourselves during the fall/winter and beyond. For example, I'm buying a sun lamp because it's about to be 50 degrees and raining for 6 months 🤦🏻‍♀️.

likeupliftinghelpful

Ugh I wanted to take my son to see a UFC match in person. Just so happens there is one in November at Madison Square Garden - great right! I knew the tickets would be expensive, was willing to pay $400 to $500 a ticket as long as they were decent. The cheapest ticket in the whole arena, basically top row so you can’t see crap, is $506 before you start with the fees!!! Am I wrong or is that just bananas???? Oh well, pay per view it is, maybe have some friends over. Just complaining… happy Friday!

like

Is there anything that we can do at the individual level to help improve the public perception of our profession?

like

When do you find it necessary to draw your weapon?

like

Additional Posts in Cyber Security Bowl

Hi Fishes. I am currently holding offer from BP and Citi , both offering the same package for penetration tester. Any idea which is an overall better option to choose?

like

New to the U.S., is the Healthcare Industry (via HIPAA), the only industry in the U.S. that legally mandates having a designated Privacy Officer? So for example, although GLBA has obvious privacy requirements, unlike with healthcare, financial institutions in the U.S. are not mandated by law to have a designated Privacy Officer?

like

Anyone have insight into guidehouse cyber culture?

like

How to make a jump to cloud security when I just have SOC experience? Currently studying for Solutions Architect cert

like

Privacy fish - Anyone taken the CIPM and can share what the exam is like?

Content outline seems like application of standard consulting approach, so how do they test it on an exam?

Any B4 IAM consultants make the move to Accenture? How is the talent experience (employee apps for time & expense, expense/travel policies, well being subsidy, stock options, etc) compared to what you’d find at D or EY? How do you find the quality of projects, and your role as a SC (which I understand is just “Consultant” at Accenture)? Worth making the jump or do you miss B4 life?

like

Anyone work in vulnerability and patch management? Is it as easy as running a norton scan and windows update on my personal computer? 🙂

like

I have interviews coming up with BCG. Any BCG Platinion folks willing to discuss example case interview questions?

like

I am considering a different career: On the Director or executive level, who earns more: Cybersecurity executive or the head of marketing/ head of commerce?
Trying to understand the glass ceiling here

like
like

Need to recertify my AWS-SAA cert. any recommendations on best resources given the new test format (SAA-CO2)?

like

Tired of your job and want to come to KPMG Cyber Services? Drop me a burner here.

likefunny

Do we have professionals from Brisbane, or other Australian cities here?

I wanted to know what do you guys think I should ask for expected compensation - my profile is :

3 Years into InfoSec compliance around ISO27001; SSAE-18; CIS

1 Year into Identity and Access Management (PAM focussed)

Holding ISO27001LA, CompTIA Security+, AZ900.

In next 4 months I target to achieve AZ500, and CISSP.

Can someone please evaluate and tell me what can I ask in AUD ? Pre and Post CISSP

Thanks in Advance

like

Anyone studying toward the CIPM have any tips or study resources? Particularly those with a legal background working in privacy and regulatory compliance (non-IT cybersec). Would be delighted to connect. TIA ⭐

like

For those who have passed the CIPM exam, what is it like (and how does it compare to the CIPP/US exam)?

Has anyone gone through the deloitte cyber risk interview process recently? How many interviews did you have and how was the process?? Salary?

like

Does anyone know if Focal Point Data Risk is a good place to work at? Their recruiter reached out for a Principal Consultant role and I am wondering if they are a reputed name in the industry.

like

Is there a demand for privacy professionals? Been seeing this discussed more and more recently

like

Cyber managers in Ontario, could you please help me with approx salary ranges?

like

Thinking of moving from Big4 cyber to Accenture cyber. Any major differences (other than no channel restrictions).

like

New to Fishbowl?

Download the Fishbowl app to
unlock all discussions on Fishbowl.
That was just a preview…
Sign Up to see all discussions
  • Discover what it’s like to work at companies from real professionals
  • Get candid advice from people in your field in a safe space
  • Chat and network with other professionals in your field
Sign up in seconds to unlock all discussions on Fishbowl.

Already a user?
Login here

Share

Embed this post

Copy and paste embed code on your site

Preview

Download the
Fishbowl app

See what’s happening in your industry
from the palm of your hand.

A phone with Fishbowl app

Scan your QR code to download
Fishbowl app on your mobile

Download app

Sign up for free to view this conversation on Fishbowl

By continuing you agree to Terms of Use and Privacy Policy

Already have an account? Log in

Sign up for free to continue using Fishbowl

By continuing you agree to Terms of Use(New) and Privacy Policy(New)
Messaging rates may apply

Already have an account? Log in

For account settings, visit Fishbowl on Desktop Browser or

General

Legal