Security Basics mailing list archives

Password Change Management


From: Matt Alexander <lowbassman () gmail com>
Date: Tue, 28 Feb 2006 14:38:05 -0700

How are others managing password changes?

For example, let's say you have a group of admins with root/admin passwords to everything. Someone either leaves the company or leaves their cellphone (with all their passwords) in a taxi. What procedures do you follow to change the passwords as quickly as possible?

How do you securely distribute new passwords to your admins?

Do you keep a central password repository? If so, how do you ensure that the repository is completely secure?

Has anyone found a good way to completely automate the changing of passwords?

In addition, is anyone using RSA tokens or something similar to get rid of passwords altogether?

Many password problems can be handled by having admins use sudo or be a member of an administrators group, etc., but there are times when this isn't possible and I'd like to find a way to improve the process.

Thanks,
~M
