Security Basics mailing list archives
RE: Password management
From: Nick Owen <nickowen () mindspring com>
Date: Tue, 09 Nov 2004 14:20:22 -0500
I'm curious: why not use strong authentication?

On Tue, 2004-11-09 at 05:15, Leon North wrote:
We are looking for an online solution, because the passwords are complex and changing regularly. Up until now we have used a solution similar to the physical safe idea you mentioned, but this isn't so practical for an admin to 'quickly' look up the current password of the system they want to connect to.

----- Original Message -----
From: "aldr1c" <aldr1c () nildram co uk>
To: "'Leon North'" <leon_nc () linuxmail org>
Subject: RE: Password management
Date: Mon, 8 Nov 2004 20:31:55 -0000

Leon,

There are several packages out there that can do what you are looking for; your chosen solution will depend upon your environment.

Working in secure facilities (well, complying with regulations set down by the Government and other interested agencies ;-) ) we use a fairly low tech mechanism. We hold a standalone computer with removable HD which is kept in a security container along with our other sensitive network documentation. On this we hold a spreadsheet of all of our sys passwords and certificates. This is purely for our convenience. When we create/change one of our passwords, the new string is written down, sealed in a marked envelope and 'stored in a manner commensurate with its protective marking' by our SSO. The same is done with exported certs.

Would this sort of approach cover your needs, or is there a driver for an on-network, high tech solution?

All the best
Aldr1c

-----Original Message-----
From: Leon North [mailto:leon_nc () linuxmail org]
Sent: 08 November 2004 14:13
To: security-basics () securityfocus com
Subject: Password management

Hi,

We are looking for advice on how others handle recording of passwords in IT departments. Whenever we look at this all we get back are Single Sign On (SSO) & related solutions, which is not what we want at the moment. We are more interested in purely secure & granular network storage for passwords.
I'm surprised there isn't more around that does this, given that there must be plenty of IT departments still without SSO, that are needing to remember a number of regularly changing passwords for various systems. How do they record them, but also only allow appropriate levels of access, i.e. access to passwords of systems that each person in the department should have access to?

So far, apart from simply encrypted, password protected spreadsheets, the only solution that I have found that does precisely this is the Cyber-Ark Password Vault. If anybody has used this or any other similar products I'd be very interested to hear what, and how well they worked. If not, what do you do instead?

Any help appreciated.

Leon
--
Nick Owen
CEO
404-962-8983 (desk)
404-542-9453 (cell)
WiKID Systems, Inc.
http://www.wikidsystems.com
Two-factor authentication without the hassle factor.