Authentication – Sending Passwords to Someone Remotely

First, I hope that your credentials are set up so that the user MUST change them during the first login so that those who configure them can not know them anymore.

If a remote office has a trusted administrator, send that administrator an encrypted set of keys / passwords to use once to share with other users. You can simply ask them to use the password # 12 for their initial login.

Depending on your threat model (do you fear state-level actors, ie work with a foreign country office in country 4, which could engage in commercial espionage for the account of your local competitors), is this a classic case? calling someone on a landline is a great solution.

The mere fact of calling someone on a landline and telling them the initial login credentials over the phone works very well.

Beyond that, GPG is still a classic way of doing it, as many people have responded to it. I have some examples of using the public key and using it more securely than the default symmetric use in this answer on

Depending on your regulatory requirements, the OTR is a method of encrypting communications, especially instant messages (see Pidgin as an example), which also allows authentication by "shared secret" . you can share an easy-to-seize password on the phone when you're on instant messaging to validate that the instant messaging session does not involve a man at the center, or use any aspect of his job that he would be difficult for someone else to master of.

If you already have a way to send an e-mail that you can trust only to your recipient and your own network / e-mail administrator, you can use a "secure messaging" service such as Cisco Registered Envelope Service. or a substitute.

Especially for SSH keys or extremely long and difficult passwords, you can combine these methods. you can encrypt – perhaps using the symmetrical GPG mode (see the link above) – using a secure password, and then pass this password via the phone or another method so that they can decrypt the authentication token / key SSH / certificate / etc.