Home page logo
/

basics logo Security Basics mailing list archives

Re: securing password list
From: Michael Gale <michael () bluesuperman com>
Date: Sat, 20 Mar 2004 11:59:08 -0700

Hello,

        We do not keep certain passwords on the network or any PC. We do keep a
small list on the network for internal users, because theses are
passwords that everyone needs access to for systems that are available
only internal.

All root passwords or any other passwords that need to be secured are
not stored on any PC's.

Michael.


On Fri, 19 Mar 2004 12:02:09 -0600
"Dan Denton" <ddenton () PAYLESSOFFICE com> wrote:

I keep out password lists in an off-network linux box in a secured
room, for which only I know the password. Of course if anyone else
gains access to the room they could snag the whole CPU, but it's
unlikely here. I also keep a weekly backup on floppy in a locked
firesafe.

-----Original Message-----
From: beevoo8 () hotmail com [mailto:beevoo8 () hotmail com] 
Sent: Thursday, March 18, 2004 11:52 AM
To: security-basics () securityfocus com
Subject: securing password list




In my job I have a number of username/passwords to various websites
and machines that I must keep track of.  I was soliciting ideas on how
to store these passwords securely.  

Encrypting them with a passphrase seems counterproductive since the
file may not be accessed for a while and the passphrase might be
forgotten. Would biometrics be a safer idea? What security methods do
you use to secure a list such as this? 



Any suggestions would be appreciated.

---------------------------------------------------------------------
------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert
instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your
organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
---------------------------------------------------------------------
-------


---------------------------------------------------------------------
------ Ethical Hacking at the InfoSec Institute. Mention this ad and
get $545 off any course! All of our class sizes are guaranteed to be
10 students or less to facilitate one-on-one interaction with one of
our expert instructors. Attend a course taught by an expert instructor
with years of in-the-field pen testing experience in our state of the
art hacking lab. Master the skills of an Ethical Hacker to better
assess the security of your organization. Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
---------------------------------------------------------------------
-------



-- 
Hand over the Slackware CD's and back AWAY from the computer, your geek
rights have been revoked !!!

Michael Gale
Slackware user :)
Bluesuperman.com 

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault