Security Basics mailing list archives

RE: securing password list

From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Mon, 22 Mar 2004 09:30:17 -0000

Perhaps using win2k file encryption may help. As the encryption key is
tied to your user account you are unlikely to forget it and it allows
only your access. Also use file level permission to ensure no one else
can even see then file.

 
Andrew Shore
Senior Security Specialist
DDI. 01302 308 165
andrew.shore () holistecs com
 
 
 
Company Number 04943010
VAT Number 828 8635 82
 
 
Holistic Technologies Ltd
Unit 7 Shaw Wood Business Park
Shaw Wood Way
Doncaster
South Yorkshire
DN2 5TB
T. 0870 240 1442
F. 0870 240 1443
www.holistecs.com
 
 
 
 
 
 
 
 
 
 
 
 
 
 

-----Original Message-----
From: beevoo8 () hotmail com [mailto:beevoo8 () hotmail com] 
Sent: 18 March 2004 17:52
To: security-basics () securityfocus com
Subject: securing password list



In my job I have a number of username/passwords to various websites and
machines that I must keep track of.  I was soliciting ideas on how to
store these passwords securely.  

Encrypting them with a passphrase seems counterproductive since the file
may not be accessed for a while and the passphrase might be forgotten.
Would biometrics be a safer idea? What security methods do you use to
secure a list such as this? 



Any suggestions would be appreciated.

------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----





---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

securing password list beevoo8 (Mar 19)
- Re: securing password list Joerg Over Dexia (Mar 22)
- Re: securing password list Steven Joerger (Mar 22)
- Re: securing password list E.Kellinis (Mar 22)
- <Possible follow-ups>
- RE: securing password list Dan Denton (Mar 19)
  - Re: securing password list Michael Gale (Mar 22)
- Re: securing password list E.Kellinis (Mar 22)
- RE: securing password list Josh Mills (Mar 22)
- RE: securing password list Andrew Shore (Mar 22)
- RE: securing password list Jeremy McBane (Mar 24)
  - RE: securing password list David Gillett (Mar 25)
- RE: securing password list Fahr, Sam@HHSDC-SFIS (Mar 25)