Security Basics mailing list archives
Re: Re: third-party password managers in the enterprise
From: bucklerk () dsainc com
Date: 12 Dec 2006 18:42:45 -0000
The problem with password managers is that some of them use weak encryption. Make sure you take the time to investigate any password manager software you consider implementing. Find out how strong the encryption is, if there are any known vulnerabilities, etc. Also make sure to review the password manager's privacy policy to make sure it isn't phoning home with information about your machine. It's important that users in your organization do not use password managers to save administrator or privileged user passwords. If their box would become compromised, an attacker could use the password manager to obtain administrator access on other machines. --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
Current thread:
- third-party password managers in the enterprise krymson (Dec 12)
- Re: third-party password managers in the enterprise Saqib Ali (Dec 12)
- RE: third-party password managers in the enterprise Nick Duda (Dec 12)
- <Possible follow-ups>
- Re: Re: third-party password managers in the enterprise bucklerk (Dec 12)