Related Posts
Hi can we check PMR in workday ?
Additional Posts in Cyber Security Bowl
New to Fishbowl?
Download the Fishbowl app to
unlock all discussions on Fishbowl.
unlock all discussions on Fishbowl.
Hi can we check PMR in workday ?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Download the Fishbowl app to unlock all discussions on Fishbowl.
Copy and paste embed code on your site

Scan your QR code to download
Fishbowl app on your mobile

How secure do you want to get here? Are we talking sending along a biometric encrypted thumb drive with the device that allows end user to access a private RSA key that's used for temporarily unlocking the device and unlocking a password manager on that device?
Or something like the above but sending something along like a FIPS enabled yubikey for more of a hardware token approach? For more security - mail each item separately - overnight on different days from different addresses? I actually really like this option lol.
Or are we talking about something more like having the user call into Tech Support when they get their device and having Tech Support provide a one time token over the phone? Enabling end user to access a "set your password" screen?
Or are we talking have the end user drive down to office A, enter a faraday shielded room, where they're provided the laptop and are prompted to set the password? Instruct end user that upon leaving the secure room, to connect to the internal-only sandboxed network so the computer can push the new password to the AD servers.
Lots of possible solutions with varying degrees of complexity and security. I think most places just send printed instructions for setting up the laptop with a temporary password with the laptop to the end user. If I wanted a secure means to do this but wasn't worried about Government secrets or anything of that nature - just every day employee on boarding - I'd totally go the yubikey route. Best security to effort to cost ratio.
lol it's all good. Yeah, I think yubikey could be a good solution for what you're looking for. Take a look at their documentation to see if it matches up with what you need. The beauty there is that it doubles as an MFA hardware token so your employees can continue using it - it's not one and done. Another option is RSA tokens, but those tend to be more expensive and don't always have the best integration records.
Just remember - mail the yubikey separately. Maybe before the password. Overnight the yubikey with a welcome packet ("This is your MFA hardware that you'll use to activate your laptop which should arrive tomorrow! blah blah blah, here's some complimentary merch, welcome to the team!") And overnight the laptop the next day. Super simple. Super secure.