Security Basics mailing list archives
Re: Password Storage
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Thu, 3 Aug 2006 14:46:44 -0700
If your systems have TPM (Trusted Platform Module), use the credential management tools that came with your system to manage passwords. See: http://www.xml-dev.com/biometrics_and_encryption.htm#_Toc141103876 for info about free tools from Dell and HP.

With TPM-enabled tools your password stores are tied to a particular platform. The password can actually be stored on the TPM chip.

On 8/2/06, Greg Merideth <gmerideth () ftnj net> wrote:
For websites and forums I use a program called password safe [http://passwordsafe.sourceforge.net/] which stores your pw's in an encrypted file with a master password to secure. Given the number of sites that require registration to perform simple tasks as downloading bios updates or firmware a program like password safe helps me a great deal. There's over five hundred passwords in my pwdb now.

We have a custom app that requires two passwords entered [from two different users] to access passwords for our servers and customers' servers. Double encrypting a file with passwords would do the same thing. [think of it like the two air force officers turning two keys to launch missiles].

On 8/1/06, Doug W <dougiegee () hotmail com> wrote:
> Hi Everyone
>
> What do people generally do in the case of password storage? For example, I
> strongly believe that storing passwords in documents is a terrible idea as I
> am sure you would agree.
>
> However, how do you account for having multiple support staff, possibly
> working off site, most with extremely bad memories (unfortunately), and in
> need of high level rights to fix systems etc.
>
> I also try to enforce that all actions are taken with the users own
> privileged account for auditing purposes but when building machines,
> installing software or troubleshooting problems, service accounts and
> administrations accounts may be required.
>
> Or, is this problem more universal than I think and forcing people to not
> document passwords will be an interesting challenge?
>
> D
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence
> in Information Security. Our program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Using interactive e-Learning technology, you can earn this esteemed degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------

--
Greg Merideth
Forward Technology, LLC.
CTO & Other Wild Stuff
gmerideth () forwardtechnology net
PGP Fingerprint D0FCCD39743A6ABF87470A87EDE382594968A60A
"10b|~10b" - Shakespeare
--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15
-----------
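The two-password access scheme described in the quoted message can be built so that neither custodian's password alone recovers the key protecting the password store. The block below is an added example, not code from the thread, from Password Safe, or from the custom app mentioned; the function names, the record layout, and the single-use XOR key wrap (chosen so the block needs only the Python standard library, where a production tool would use an authenticated cipher) are assumptions.

```python
import hashlib
import hmac
import secrets

CHECK_LABEL = b"dual-control-check"  # constant for the integrity tag (assumption)

def _kdf(password: str, salt: bytes) -> bytes:
    # scrypt is memory-hard, so guessing one custodian's password is expensive.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def _pad(pw_a: str, pw_b: str, salt_a: bytes, salt_b: bytes) -> bytes:
    # Both derived keys feed one HMAC: the pad cannot be computed from either alone.
    return hmac.new(_kdf(pw_a, salt_a), _kdf(pw_b, salt_b), hashlib.sha256).digest()

def wrap_key(data_key: bytes, pw_a: str, pw_b: str) -> dict:
    """Wrap the 32-byte key that encrypts the password store under two passwords."""
    if len(data_key) != 32:
        raise ValueError("data_key must be 32 bytes")
    # Fresh salts per wrap, so the derived pad is never reused.
    salt_a, salt_b = secrets.token_bytes(16), secrets.token_bytes(16)
    pad = _pad(pw_a, pw_b, salt_a, salt_b)
    wrapped = bytes(x ^ y for x, y in zip(data_key, pad))
    # Tag computed over a constant with the data key: detects a wrong password pair.
    check = hmac.new(data_key, CHECK_LABEL, hashlib.sha256).digest()
    return {"salt_a": salt_a, "salt_b": salt_b, "wrapped": wrapped, "check": check}

def unwrap_key(record: dict, pw_a: str, pw_b: str) -> bytes:
    """Recover the data key; raises ValueError unless both passwords are correct."""
    pad = _pad(pw_a, pw_b, record["salt_a"], record["salt_b"])
    candidate = bytes(x ^ y for x, y in zip(record["wrapped"], pad))
    expected = hmac.new(candidate, CHECK_LABEL, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["check"]):
        raise ValueError("one or both passwords are wrong")
    return candidate

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # would encrypt the shared password file
    rec = wrap_key(key, "custodian-A-constructed", "custodian-B-constructed")
    assert unwrap_key(rec, "custodian-A-constructed", "custodian-B-constructed") == key
    print("unwrapped with both passwords")
```

The record can be stored next to the encrypted password file; rotating either custodian's password only requires re-wrapping the data key, not re-encrypting the store.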
Current thread:
- Password Storage Doug W (Aug 01)
- Re: Password Storage PCSC Information Services (Aug 02)
- Re: Password Storage Devdas Bhagat (Aug 02)
- Re: Password Storage Rob klein Gunnewiek (Aug 02)
- Re: Password Storage Robert Larsen (Aug 02)
- Re: Password Storage Ayaz Ahmed Khan (Aug 03)
- RE: Password Storage Nicholas Fanelli (Aug 02)
- Re: Password Storage Greg Merideth (Aug 03)
- Re: Password Storage Saqib Ali (Aug 04)
- Re: Password Storage Glenn English (Aug 03)
- Re: Password Storage Kenton Smith (Aug 03)
- <Possible follow-ups>
- Re: Password Storage guhus (Aug 02)
- Re: Password Storage info (Aug 02)
- Re: Password Storage c . brace (Aug 02)
- Re: Password Storage Needs More Longcat (Aug 03)
- RE: Password Storage Del Thompson (Aug 02)
- RE: Password Storage Dunigan, Michael (Aug 03)
- RE: Password Storage Krpata, Tyler (Aug 03)
- Re: RE: Password Storage krymson (Aug 03)
(Thread continues...)
