Re: securing password list

[Michael Gale <michael () bluesuperman com>]

Hello,

        We do not keep certain passwords on the network or any PC. We do keep a
small list on the network for internal users, because theses are
passwords that everyone needs access to for systems that are available
only internal.

All root passwords or any other passwords that need to be secured are
not stored on any PC's.

Michael.


On Fri, 19 Mar 2004 12:02:09 -0600
"Dan Denton" <ddenton () PAYLESSOFFICE com> wrote:

> I keep out password lists in an off-network linux box in a secured
> room, for which only I know the password. Of course if anyone else
> gains access to the room they could snag the whole CPU, but it's
> unlikely here. I also keep a weekly backup on floppy in a locked
> firesafe.
>
> -----Original Message-----
> From: beevoo8 () hotmail com [mailto:beevoo8 () hotmail com] 
> Sent: Thursday, March 18, 2004 11:52 AM
> To: security-basics () securityfocus com
> Subject: securing password list
>
>
>
>
> In my job I have a number of username/passwords to various websites
> and machines that I must keep track of.  I was soliciting ideas on how
> to store these passwords securely.  
>
> Encrypting them with a passphrase seems counterproductive since the
> file may not be accessed for a while and the passphrase might be
> forgotten. Would biometrics be a safer idea? What security methods do
> you use to secure a list such as this? 
>
>
>
> Any suggestions would be appreciated.
>
> ---------------------------------------------------------------------
> ------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
> off 
> any course! All of our class sizes are guaranteed to be 10 students or
> less 
> to facilitate one-on-one interaction with one of our expert
> instructors.
>
> Attend a course taught by an expert instructor with years of
> in-the-field 
> pen testing experience in our state of the art hacking lab. Master the
> skills 
> of an Ethical Hacker to better assess the security of your
> organization.
>
> Visit us at: 
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ---------------------------------------------------------------------
> -------
>
>
> ---------------------------------------------------------------------
> ------ Ethical Hacking at the InfoSec Institute. Mention this ad and
> get $545 off any course! All of our class sizes are guaranteed to be
> 10 students or less to facilitate one-on-one interaction with one of
> our expert instructors. Attend a course taught by an expert instructor
> with years of in-the-field pen testing experience in our state of the
> art hacking lab. Master the skills of an Ethical Hacker to better
> assess the security of your organization. Visit us at: 
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ---------------------------------------------------------------------
> -------


-- 
Hand over the Slackware CD's and back AWAY from the computer, your geek
rights have been revoked !!!

Michael Gale
Slackware user :)
Bluesuperman.com 

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------