Security Basics mailing list archives
Re: securing password list
From: Joerg Over Dexia <over () dexia de>
Date: Fri, 19 Mar 2004 19:16:26 +0100
Am 17:52 18.03.2004 -0000 teilte beevoo8 () hotmail com mir folgendes mit: -> -> ->In my job I have a number of username/passwords to various websites and machines that I must keep track of. I was soliciting ideas on how to store these passwords securely. ->Encrypting them with a passphrase seems counterproductive since the file may not be accessed for a while and the passphrase might be forgotten. Would biometrics be a safer idea? What security methods do you use to secure a list such as this? I'm keeping my bundle with pwsafe, originally by Bruce Schneier, now at sourceforge (http://sourceforge.net/projects/passwordsafe/). About the passphrase being forgotten... yeah. That happens. And, with real encryption, that's bad. No real solution to that, except if you count on biometrics like you mentioned, but that's an entirely separate discussion (having been on this list a couple of times, check the archives. It's almost as annoying as the "shoot the portscanner" discussion.). What about keeping them on a USB-stick if you can't trust your memory? Or keeping a note with the passphrase to the file in a safe place (chances are, you don't need it as often as the website passwords)? Regards, JO --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- securing password list beevoo8 (Mar 19)
- Re: securing password list Joerg Over Dexia (Mar 22)
- Re: securing password list Steven Joerger (Mar 22)
- Re: securing password list E.Kellinis (Mar 22)
- <Possible follow-ups>
- RE: securing password list Dan Denton (Mar 19)
- Re: securing password list Michael Gale (Mar 22)
- Re: securing password list E.Kellinis (Mar 22)
- RE: securing password list Josh Mills (Mar 22)
- RE: securing password list Andrew Shore (Mar 22)
- RE: securing password list Jeremy McBane (Mar 24)
- RE: securing password list David Gillett (Mar 25)
- RE: securing password list Fahr, Sam@HHSDC-SFIS (Mar 25)