Educause Security Discussion mailing list archives
Re: Please do not change your password
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Sun, 18 Apr 2010 11:41:02 +1200
On 17/04/2010, at 8:17 AM, Kevin Kelly wrote:
Why not use a program like Keepass and use random strong passwords for everything? I just need to know two passwords, one to log on to my computer and the pass phrase to open KeepPass. KeepPass provides copy and paste of user name and passwords, so I don't even know or care what most of my password are.
This is essentially what we do with our privileged accounts on our servers. We require 2fa for user access (then sudo) and root/administrator are set to random passwords by SecretServer http://www.thycotic.com/. These are for emergency access only as admins are expected to use their personal accounts for admin tasks Russell Fulton Information Security Officer, The University of Auckland New Zealand
Current thread:
- Re: Please do not change your password, (continued)
- Re: Please do not change your password Geoff Nathan (Apr 16)
- Re: Please do not change your password Allison Dolan (Apr 16)
- Re: Please do not change your password Tonkin, Derek K (Apr 16)
- Re: Please do not change your password Valdis Kletnieks (Apr 16)
- Re: Please do not change your password Tonkin, Derek K (Apr 16)
- Re: Please do not change your password Koerber, Jeff (Apr 16)
- Re: Please do not change your password Eric Case (Apr 16)
- Re: Please do not change your password Matthew Gracie (Apr 16)
- Re: Please do not change your password Steve Werby (Apr 16)
- Re: Please do not change your password Kevin Kelly (Apr 16)
- Re: Please do not change your password Russell Fulton (Apr 17)