[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Password Changing and multiple clients

Thanks...  We thought about the plain-text email approach.  All of our helpdesk staff already have a signature that states we will never ask for a password via email.  You still can't imagine (wait-- you work for universities, don't you?) how many users will happily send their password to anyone who asks in email! :O

----- Original Message -----
From: "Duran Goodyear" <dgoodyear@uarts.edu>
To: "Freddie Cash" <fjwcash@gmail.com>
Cc: zimbra-hied-admins@sfu.ca
Sent: Thursday, June 3, 2010 12:00:44 PM
Subject: Re: Password Changing and multiple clients

Agreed, make sure you state you'll NEVER ask for the password, ever.
And then some copy on how to contact your support desk for help.

And then remember to over staff your support desk on the day passwords expire ;)

] duran goodyear
] manager // web services
] office of technology and information services
] the university of the arts
] dgoodyear@uarts.edu [email & gtalk]
] 215.717.6068



On Thu, Jun 3, 2010 at 12:38 PM, Freddie Cash <fjwcash@gmail.com> wrote:
> On Thu, Jun 3, 2010 at 9:22 AM, Fred Seaton <F-Seaton@wiu.edu> wrote:
>>
>> On a related issue, we are also forcing users to change their password
>> every 120 days.  We have a zimlet that warns people when their password is
>> about to expire, but we don't have a method for warning our IMAP (and other
>> 3rd part client) users.  I despise sending an email message that tells
>> people "Your password is about to expire.  Click this _link_ to change your
>> password" since it looks like a phishing message.
>>
>> - How are other schools notifying 3rd party client email users that it's
>> time to change their password?  If you're using email, how do you convince
>> your users that it's not a phishing scam?
>
> Just send them a plain-text e-mail stating their password will expire in X
> days, and to remind them to login to their account to change it.  Don't
> include any links of any kind.  Just a plain text message with the reminder.
>  Then it's up to them to go out and login to their account correctly to
> change the password.
> Maybe add a quick blurb at the end reminding them that you will never ask
> for their password via e-mail, nor will you ever send out messages with
> links to change passwords or reset accounts, etc.
> --
> Freddie Cash
> fjwcash@gmail.com
>