Securing access to accounts created by SysAdmin

To comply with FDA regulations on Electronic Records & Signatures, we need to implement additional security controls.

An open question is how to effectively control new accounts (ID/password) created by a System Administrator. If the SysAdmin 'knows' the initial password, the account is open to abuse. What options/solutions exist relative to creation of new accounts such that only the 'authentic' new user can access/use the account?

Most systems have a way that you can give a user an initial password that they *must* change when they first log in. This is a good way to make this so it will work. You set up the new user with some easy-to-create password, and then force them to change it to something that only they know.

Should a SysAdmin use the account, then the password will be changed and the proper user will know about it.

For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Password security
Security Policies Tip: Security considerations when creating a new user account
Security Policies Tip: Passwords: Complexity equals easy to forget

This was first published in June 2002

Dig deeper on Enterprise User Provisioning Tools



Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: