Question
I have noticed that it is common practice when setting up a user account (Windows users accounts and Google Apps user accounts in my case) to require new users to create their own password immediately after their first log on. In searching for an answer to this question, I have found many posts explaining how to require new users to change their password, but I can't find anywhere why this is considered "best practice." What problems are created if I generate and assign a unique password to each new user and they don't change it?
To clarify, I'm not asking why it is good practice to require users to change passwords periodically. My question is what are the risks if brand-new users keep using the password I set for them instead of creating their own password?
It would be convenient for me to have them keep their initial password because I am in a smaller business setting, and if I know their password I can set up Google Drive Sync and Google Apps Sync for them, instead of having to write instructions for them on how to do this themselves.
Explanation / Answer
Forcing users to select their own password at initial logon (the first time they authenticate) ensures that NOBODY else knows the password for the account once it has been changed.
This is a control process called single-control. Single-control means a resource, or access to something, is maintained by a single individual. Since the userid/password combination is maintained under the user's single-control, it strengthens accountability in that we can identify with a fair degree of certainty who logged into what and when. If the password is compromised (no longer under single-control because multiple people know the password), then we have less accountability because we cannot be certain who logged in with the userid/password.
Single-control practices also protect those who do not have access to the resource or credentials in question. Since you should not have access to the user's password information, it keeps you safe in the event of a breach. If you do not force password changes, it is possible that you could be viewed as a suspect, even if you have done nothing of the sort. EDIT: This is called risk exposure, where not following the single-control process results in exposure to additional risk.
It is imperative that we enforce and maintain control processes so that everyone stays safe and secure, and we don't expose them or ourselves to unnecessary risk.
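The single-control idea above maps directly onto the provisioning step the question describes for Windows accounts. The following is an added example, not code from the answerer, showing one way to create an Active Directory user with a random one-time password and the "must change at next logon" flag set, then confirm the flag took effect before the password is handed over. It assumes the RSAT ActiveDirectory module on a domain-joined machine; the OU path `OU=Staff,DC=example,DC=local`, the UPN suffix `example.local`, and the function names are placeholders.

```powershell
# Added example (not from the original answer): provision an AD account whose
# initial password the administrator never needs to retain, forcing the user
# to replace it at first logon so the credential ends up under single-control.
# Assumes the RSAT ActiveDirectory module and a writable domain controller;
# the OU path and UPN suffix are placeholders.
#Requires -Modules ActiveDirectory

function New-RandomInitialPassword {
    param([int]$Length = 20)
    # Cryptographically random bytes mapped onto a printable alphabet that
    # satisfies a typical complexity policy (upper, lower, digit, symbol).
    $alphabet = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!@#$%^&*-_'
    # Rejection sampling: only accept bytes below the largest multiple of the
    # alphabet size so the modulo step does not bias towards early characters.
    $limit = 256 - (256 % $alphabet.Length)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf   = New-Object byte[] 1
    $chars = New-Object System.Collections.Generic.List[char]
    while ($chars.Count -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { $chars.Add($alphabet[$buf[0] % $alphabet.Length]) }
    }
    -join $chars
}

function New-ProvisionedUser {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$GivenName,
        [Parameter(Mandatory)][string]$Surname,
        [string]$Path = 'OU=Staff,DC=example,DC=local'   # placeholder OU
    )
    $initial = New-RandomInitialPassword
    $secure  = ConvertTo-SecureString $initial -AsPlainText -Force

    New-ADUser -Name "$GivenName $Surname" `
               -GivenName $GivenName -Surname $Surname `
               -SamAccountName $SamAccountName `
               -UserPrincipalName "$SamAccountName@example.local" `
               -Path $Path `
               -AccountPassword $secure `
               -ChangePasswordAtLogon $true `
               -Enabled $true

    # The directory records "must change at next logon" as pwdLastSet = 0;
    # checking it proves the flag is in place before the password leaves your hands.
    $u = Get-ADUser -Identity $SamAccountName -Properties pwdLastSet
    if ($u.pwdLastSet -ne 0) {
        throw "Change-at-logon flag not set for $SamAccountName"
    }

    # The one-time password is returned exactly once for out-of-band delivery;
    # it is deliberately not written to a log or file.
    [pscustomobject]@{ SamAccountName = $SamAccountName; InitialPassword = $initial }
}

# Usage (placeholder identity):
# New-ProvisionedUser -SamAccountName jdoe -GivenName Jane -Surname Doe
```

Once the user signs in and replaces the one-time password, `pwdLastSet` is updated and no administrator holds a working credential for the account, which is the accountability property the answer describes. Google Workspace offers the same control through the Admin SDK Directory API's `changePasswordAtNextLogin` user attribute, so the Windows and Google accounts in the question can be provisioned under the same policy.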