DominoSecurity Newsletter (from DominoSecurity.org)
Date: 11/07/2002
Title: Changing Initial Passwords in Notes
Contents:
Hello DominoSecurity readers,
This newsletter is a copy of my recent security tip for SearchDomino.com. I am reprinting the tip here because it contains a useful Notes-based password generator, which might be helpful to you.
For those who are not aware, I write a monthly security tip for SearchDomino. If you do not already receive it, you might want to consider signing up. You can register for just the monthly tips you want, so you won't be swamped with email.
Chuck Connell
www.chc-3.com
www.DominoAdministration.com
++++++++++++++++++++++++++++++++
Changing Initial Passwords In Notes
As we know, Notes has robust security mechanisms. You have more options, and more trustworthy data protection, with Notes than you do with many operating systems and database systems. But there is one standard security feature that Notes lacks, and potential customers are sometimes dismayed to find it missing: the ability to force users to change their initial password.
Notes does not contain this option natively and I am not aware of any reliable method to add it on. Any script or trick that you write to do so can be circumvented in some way. (If someone knows of a foolproof way to add this feature, please let me know.) So Notes administrators sometimes make a couple of poor choices when assigning initial passwords to Notes ID files.
1. Set passwords to strings known to be good passwords, but ask users to change their passwords anyway. Examples of such passwords are Hurry4Cake and NumberPh0ne. The problem with this option is that users are busy and likely will not change their passwords, since they know they were assigned a good one.
2. Set passwords to a simple string that obviously should be changed, and hope users take the time to do so. Examples of such passwords are ChangeThisPassword, the user's first name, or just password. Unfortunately, we all know that passwords such as this are often never changed, creating a large security hole. Complicating this problem is the fact that many Notes shops continue to store Notes ID files in the public address book. If the initial password scheme is simple, any user can detach anyone else's ID file and have a good chance at guessing the password, and the guessing happens against the detached file at the attacker's leisure rather than against the server.
There is a third option though, which I encourage Notes administrators to consider: Set the initial password to a string that is very secure but so cumbersome that users will want to change it. Examples of such passwords are fNlyDiqD44iv and Oqh1Bgd0Sulc. Even users who write their passwords on yellow stickies will want to change these strings; they are just too slow to type.
Besides ensuring that initial passwords are changed, this method also has the advantage that Notes ID files can be stored with reasonable safety in the public address book. Someone cannot easily detach another user's ID file and guess the password. Yet the public copies of the ID files still exist, in case they are needed as backup. (Using the original ID files as backup assumes that the user or administrator wrote down the original cumbersome password in a secure location.)
While it is possible to manually create these secure, cumbersome passwords, it is tedious to do so many times. The solution is a tool for creating the passwords. I wrote a LotusScript action, built into a Notes database, which does the trick. Just put the database on your Notes workspace, single-click on it (without opening the database), then choose Actions / Create Password from the Notes pull-down menus. To see the LotusScript code, go to the Agents view in the database. You are welcome to use the tool as-is or incorporate it into another application. It is available here from my web site: www.chc-3.com/downloads/passwords.zip.
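The newsletter's generator is a LotusScript action inside a Notes database. As an added illustration, not part of the newsletter and not the author's tool, here is a Python version of the same idea: 12-character strings of mixed-case letters and digits, the shape of fNlyDiqD44iv and Oqh1Bgd0Sulc, drawn from the operating system's cryptographic random source via the `secrets` module. It also checks that every password contains all three character classes, reports the entropy so you can see why a detached ID file protected this way is not cheaply guessable, and includes a hypothetical batch helper (`generate_for_users`) for registering many IDs at once. The user names in the sample batch are constructed. One caveat the scheme depends on: the passwords must be genuinely unpredictable, so whatever generator you use should draw from a cryptographic random source rather than a general-purpose pseudo-random function seeded from the clock.

```python
"""Generator for cumbersome-but-strong initial Notes passwords.

Added example in Python; it is not the LotusScript tool described in the
newsletter. Passwords are 12 symbols from [A-Za-z0-9], drawn from the
OS cryptographic random source through the `secrets` module.
"""
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits   # 62 symbols
DEFAULT_LENGTH = 12


def has_all_classes(pw: str) -> bool:
    """True if pw contains at least one lowercase letter, one uppercase
    letter and one digit, like the article's sample passwords."""
    return (any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))


def generate_initial_password(length: int = DEFAULT_LENGTH) -> str:
    """Return a uniformly random password of `length` symbols from ALPHABET.

    Candidates lacking one of the three character classes are rejected and
    redrawn. At length 12 roughly one candidate in eight is rejected, which
    costs well under one bit of entropy.
    """
    if length < 3:
        raise ValueError("length must be at least 3 to hold all character classes")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(pw):
            return pw


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy of a uniformly random string over the alphabet
    (before the class filter, which removes only a fraction of a bit)."""
    return length * math.log2(alphabet_size)


def generate_for_users(user_names, length: int = DEFAULT_LENGTH) -> dict:
    """Hypothetical batch helper: assign a fresh, distinct initial password
    to every user in the list and return {user: password}.

    The caller must record the result in a secure place if, as the article
    suggests, the copy of the ID file in the public address book is to be
    usable as a backup later.
    """
    assigned = {}
    used = set()
    for name in user_names:
        pw = generate_initial_password(length)
        while pw in used:   # a repeat is astronomically unlikely, but be explicit
            pw = generate_initial_password(length)
        used.add(pw)
        assigned[name] = pw
    return assigned


if __name__ == "__main__":
    # Constructed sample batch of user names, not real accounts.
    batch = generate_for_users(["jsmith", "mjones", "aramirez"])
    for user, pw in batch.items():
        print(f"{user:10s} {pw}")
    print(f"entropy per password: "
          f"{entropy_bits(len(ALPHABET), DEFAULT_LENGTH):.1f} bits")
```

Twelve symbols from a 62-symbol alphabet give about 71 bits of entropy, which is what makes the public copy of the ID file safe against casual guessing; the strength comes entirely from the random source and the length, not from the password looking complicated.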
There also are other similar free/cheap tools available at www.zdnet.com. Select the Downloads option at the top of their home page, then enter password generator as the search string.
-- end --