Device Access Security - Distribute initial credentials out of band
While SecureDoc performs an invaluable service ensuring that data is protected by encryption, and that user access to SecureDoc-protected devices is locked down and governed by permitting only specific users to authenticate at Pre-Boot, there are other risks that any security-conscious organization should be aware of and include in its overall security design.
Distribute initial credentials out of band
To ensure that a user's initial password is not intercepted by a third party during distribution, WinMagic recommends that you transmit the user's initial password separately from the device, in a safe and secure way.
The following are suggested methods for transmitting the user's initial pass-phrase. Choose the method appropriate to your situation.
Use SecureDoc Self-Extractor: This creates a compressed and password-protected file containing selected encrypted files. The compressed file can be shared with other users: those users enter a password to extract the compressed files, without needing Media Viewer.
Use a combination of zip file and a phone call: Type the password in a plain text file and place this text file in a password-protected zip file, then call each user at their respective phone number and read them the password for the zip file.
Send through Email: If you are using this option, make sure that the email's "Subject" line does not mention anything about a password (e.g. Regarding your password; Your password details; Login Credentials, etc.), and advise the users to delete this message as soon as they change their initial password.
Use Fax or Mail: Send the pass-phrase by fax or mail.
Use Phone: Read the pass-phrase to the users over the phone.
Use SMS: Transmit the password through SMS. When using this option, make sure you do not provide any other information in the text except the pass-phrase.