Security Basics mailing list archives
Re: NOC password management
From: FocusHacks <focushacks () gmail com>
Date: Thu, 15 Mar 2007 08:07:25 -0500
I've seen encrypted text files with GnuPG. This seems to be a common way to do it. You need to make sure that procedure is followed regarding passphrase strength on each users' private key (or use the same private key and passphrase for all users) as well as handling cleartext. The users should never save a clear copy of the document. The above is a solution I've seen employed at several places I've worked. My current employer uses a homebrew solution that works really well. Unfortunately, I do not feel comfortable disclosing the details, but it's no more nor less effective than the solution I mentioned above. On 3/14/07, List Subscriptions <lists.canuck.eh () gmail com> wrote:
As the security administrator I constantly get complaints from the network admins about how hard it is to remember all the passwords. What are the best practices for enterprise password management? What products are available? They came to me with Mandylion labs password management token ( http://mandylionlabs.com/). Has anyone used this product or have any insight into the best solution? Thanks in advance
-- http://www.FocusHacks.com - The Ford Focus Modification Site! http://www.focushacks.com/focushacks-gpg.txt - My GPG encryption key
Current thread:
- NOC password management List Subscriptions (Mar 14)
- Re: NOC password management Tremaine Lea (Mar 15)
- Re: NOC password management Soumen Paul (Mar 15)
- Re: NOC password management FocusHacks (Mar 15)
- RE: NOC password management Cornwell, Kay (NIH/NIGMS) [E] (Mar 15)
- Re: NOC password management Ryan Chow (Mar 15)
- <Possible follow-ups>
- Re: NOC password management sbkchk (Mar 15)