Thinking of using this technique to allow for initial user authentication-VBForums
Results 1 to 5 of 5

Thread: Thinking of using this technique to allow for initial user authentication

  1. #1

    Thread Starter
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    CT
    Posts
    15,680

    Thinking of using this technique to allow for initial user authentication

    We want to send a regular "letter" in the regular old postal carrier type of mail delivery method - to a bunch of users who we want to allow access to a secure web page.

    They will login with the email address they have given to us - which we have marked in a CONTACT table for these individuals.

    With that said - the letter does not need to include the EMAIL address - we can simply tell them to use the email they gave us.

    The question becomes what do I tell them to use as a password? How bad of an idea is it to put a PASSWORD in this letter - and make it be the same INITIAL password for all these contacts that are going to be connecting??

    Obviously I would "pre-expire" this initial password for each user - so they have to select a new one upon the initial login.

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

  2. #2
    PowerPoster
    Join Date
    Jun 2001
    Location
    Trafalgar, IN
    Posts
    3,872

    Re: Thinking of using this technique to allow for initial user authentication

    Why not allow them to use the email address for both username and the initial password. At the first login require the password be changed before allowing any navigation to the rest of the site. This isn't very secure but it may be more so than sending a password.

  3. #3

    Thread Starter
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    CT
    Posts
    15,680

    Re: Thinking of using this technique to allow for initial user authentication

    Wow - that is totally a psychic moment here - I was just thinking I could do that as well!

    Seems better then making up a password. If they can't type there own email address twice - then I'm going to get a phone call for help anyway!

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

  4. #4
    Frenzied Member tr333's Avatar
    Join Date
    Nov 2004
    Location
    /dev/st0
    Posts
    1,498

    Re: Thinking of using this technique to allow for initial user authentication

    If you're sending the username and password via e-mail, I would suggest sending two separate e-mails. One for the username and one for the password.
    CSS layout comes in to the 21st century with flexbox!
    Just another Perl hacker,

  5. #5

    Thread Starter
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    CT
    Posts
    15,680

    Re: Thinking of using this technique to allow for initial user authentication

    We are using regular postal mail - snail mail.

    Sending 600 emails to people with URL's and un's and pw's just gets you spam blocked - did that last year and learned a lesson.

    We drafted a real letter - and an instruction page - and they go out next week.

    We are going to use an email-blasting service to send updates and info to this contact group - let them deal with spam blocking and all that jazz.

    *** Read the sticky in the DB forum about how to get your question answered quickly!! ***

    Please remember to rate posts! Rate any post you find helpful - even in old threads! Use the link to the left - "Rate this Post".

    Some Informative Links:
    [ SQL Rules to Live By ] [ Reserved SQL keywords ] [ When to use INDEX HINTS! ] [ Passing Multi-item Parameters to STORED PROCEDURES ]
    [ Solution to non-domain Windows Authentication ] [ Crazy things we do to shrink log files ] [ SQL 2005 Features ] [ Loading Pictures from DB ]

    MS MVP 2006, 2007, 2008

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width

Survey posted by VBForums.