I'm curious about how different companies onboard their new employees. In our process, we hand over login details on the first day along with a laptop and mobile device, but we require Multi-Factor Authentication (MFA) to be set up from a trusted location. Our HR department is looking to automate this process and wants to send login details directly to the new hires' personal email addresses. Is this a common practice for others? If so, how do you handle the MFA setup?
5 Answers
Automating the process? That sounds interesting, but sending login details to personal emails is pretty risky. For us, we have a secure method: we give new hires YubiKeys to set up their MFA. We even pre-enroll them with a temporary PIN. This way, the accounts are created a couple of days before their start dates, allowing time for other setups. I'd recommend handling logins carefully, maybe even using a password manager to keep everything secure before they start.
Emailing passwords is a huge no-no! Instead of sending credentials to their personal email, we have a system where HR connects directly to our ticketing system. When a new employee is added, it automatically creates their account and emails the temp password to their direct supervisor—not the employee. This keeps things secure. As for MFA, it's built into our onboarding and they have to register at least within a week.
Seriously, emailing user credentials is just asking for trouble. The best practice we follow is to onboard new employees in person or over a secure call, especially for MFA setup. It’s safer than just sending everything over email, which could be intercepted. When they start, we provide them a temporary password that they must reset themselves even before logging in for the first time.
Man, that sounds super chaotic! In our place, we’ve set up a SharePoint page specifically for onboarding. New hires get a temporary link to access their account setup, which includes everything: temp passwords, MFA instructions, and necessary resources with screenshots. This way, they can follow steps on their own without needing constant help.
Just a heads-up, sending those details to personal emails could lead to major security breaches. We have a more streamlined approach: HR submits new starters, and our IT system auto-creates their accounts without needing direct intervention from HR. We use a temporary password and there’s a clear policy: they must set up MFA within the first week or their account gets locked.
