To comply with FDA regulations on Electronic Records & Signatures, we need to implement additional security controls. An open question is how to effectively control new accounts (ID/password) created by a System Administrator. If the SysAdmin 'knows' the initial password, the account is open to abuse. What options/solutions exist relative to creation of new accounts such that only the 'authentic' new user can access/use the account...
Most systems have a way that you can give a user an initial password that they *must* change when they first log in. This is a good way to make this so it will work. You set up the new user with some easy-to-create password, and then force them to change it to something that only they know.
Should a SysAdmin use the account, then the password will be changed and the proper user will know about it.
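The forced-change approach in the answer can be audited. The following is an added example, not part of the original answer, and it assumes a Linux host, where per shadow(5) a last-change field of `0` means the password must be changed at next login. The sample lines and the `PENDING_HANDOVER` set (accounts whose owners have not yet confirmed their first login) are constructed for illustration.

```python
# Constructed /etc/shadow-style lines:
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
alice:$6$constructed$hashA:0:0:90:7:::
bob:$6$constructed$hashB:19800:0:90:7:::
carol:$6$constructed$hashC::0:90:7:::
dave:$6$constructed$hashD:19750:0:90:7:::
"""

# Hypothetical provisioning record: accounts that were issued an initial
# password and whose owner has not yet confirmed a first login.
PENDING_HANDOVER = {"alice", "bob", "carol"}


def parse_shadow(text):
    """Return {username: lastchg as int, or None if the field is empty}."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 3 or not fields[0]:
            continue  # skip malformed lines
        lastchg = fields[2]
        entries[fields[0]] = int(lastchg) if lastchg.isdigit() else None
    return entries


def audit_pending(shadow_text, pending):
    """Classify every account that is still awaiting handover."""
    entries = parse_shadow(shadow_text)
    findings = {}
    for user in sorted(pending):
        if user not in entries:
            findings[user] = "missing"
        elif entries[user] == 0:
            findings[user] = "ok"  # forced change is still pending
        elif entries[user] is None:
            findings[user] = "not_forced"  # aging disabled, no forced change
        else:
            # Someone already logged in and set a new password before the
            # owner confirmed: the initial password was consumed.
            findings[user] = "already_changed"
    return findings


if __name__ == "__main__":
    for user, status in audit_pending(SAMPLE_SHADOW, PENDING_HANDOVER).items():
        print(f"{user}: {status}")
```

An `already_changed` result for an account the owner has not yet used is the signal the answer describes: the initial password no longer works, so the use is visible.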