Password Management

Considerations and guidelines for SPX passwords.

Best Practices

There are various considerations when managing passwords:

  • You should encourage people using the password service to avoid obvious passwords, such as names, important dates and common words.
  • When using sender-communicated passwords, the message sender should not email the password to the recipient. Instead, a more secure method should be used, such as telephoning or talking in person.
  • In the SPX Expiry and Password Limits dialog box (opened by clicking Configure), you can set the number of days an SPX password will remain valid. If the recipient does not use the password to access email within the given time period, the password will expire.
  • Also in the SPX Expiry and Password Limits dialog box, you can set the minimum length for a password. Users receive an error message if their chosen password does not meet this requirement.



Password Management Comparison

The following compares each password method by its advantages, considerations and best practices.

User Registration

Advantages:
  • Scalable
  • Automated
  • Easy to use

Considerations:
  • Can be susceptible to man-in-the-middle attacks. Initial registration email messages could be perceived as a phishing attempt.

Best Practices:
  • Ensure that the sender's first encrypted message to a new recipient does not contain any sensitive information. The introductory message will trigger automatic delivery of a registration email requesting that the recipient create a username/password for the purpose of decryption. The first message should inform the recipient that the confidential message has yet to be delivered. The sender should then confirm that the registration was successful before sending a message containing confidential information.

Generated Password

Advantages:
  • Secure. Ensures that messages cannot be intercepted, and only intended recipients have access to those messages.

Considerations:
  • Requires a phone call or other secure communication method by the sender to communicate the password to the recipient.

Best Practices:
  • Inform senders of how this method works, and provide suitable methods for communicating the generated password. In particular, they should never forward the email that contains the generated password.

Sender-specified Password

Advantages:
  • Reduces administrator workload with sender-managed passwords.
  • Secure. Ensures that messages cannot be intercepted, and only intended recipients have access to those messages.

Considerations:
  • Requires a phone call or other secure communication method by the sender to communicate the password to the recipient. Senders should select passwords that are difficult to guess.
  • If a message is sent to a recipient who is not in a group that triggers the policy rule for sender-specified passwords, the message will not be encrypted. The password will remain in the subject line of the email delivered to this recipient.
  • Message subjects that contain passwords may be displayed when performing log searches.
  • Message subjects that contain passwords may be displayed if a message is in the mail queue when a queue search is performed.
  • Messages sent to multiple recipients will be encrypted using the same sender-specified password. The sender must communicate the password to each of the recipients.

Best Practices:
  • Inform senders of how this method works, and provide suitable methods for communicating the password. In particular, when the Notify password sender by email option is selected, senders should not forward the email that contains the password. It is also recommended that senders understand how to select strong passwords.

Custom Web Service

Advantages:
  • Integrates with existing authentication systems or user/password stores using a web service.

Considerations:
  • Requires custom web development.

Best Practices:
  • Implementing this method is usually accomplished by working with Sophos Professional Services.