Hi all, I'm trying to understand best practices for sending customer environment credentials. This is what we're currently considering:
- Ask that the system admin create new credentials as "requires password reset on first login".
- Ask that the customer enter the credentials through the website (in case their email is using insecure ESMTP).
- Move the credentials to our team password manager immediately.
- Redact the credentials immediately: https://www.zendesk.com/apps/support/ticket-redaction/
This was the best source I found: https://security.stackexchange.com/questions/58509/sending-passwords-to-someone-remotely
I am considering augmenting the above with a requirement that the password be sent over SMS and be received by an online service such as https://www.burstsms.com.au/. The SMS would only require the ticket number and password.
I am interested in this community's advice. Thanks in advance!