Q

Securing access to accounts created by SysAdmin

To comply with FDA regulations on Electronic Records & Signatures, we need to implement additional security controls....

An open question is how to effectively control new accounts (ID/password) created by a System Administrator. If the SysAdmin 'knows' the initial password, the account is open to abuse. What options/solutions exist relative to creation of new accounts such that only the 'authentic' new user can access/use the account?


Most systems have a way that you can give a user an initial password that they *must* change when they first log in. This is a good way to make this so it will work. You set up the new user with some easy-to-create password, and then force them to change it to something that only they know.

Should a SysAdmin use the account, then the password will be changed and the proper user will know about it.


For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Password security
Security Policies Tip: Security considerations when creating a new user account
Security Policies Tip: Passwords: Complexity equals easy to forget


This was last published in June 2002

Dig Deeper on Enterprise User Provisioning Tools

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close