Re: Password keepers

[Daniel Bennett <daniel.bennett () PCT EDU>]

We use this as well.

Daniel Bennett
IT Security Analyst
Adjunct Faculty
Vice-Chair North Central PA Members Alliance

Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701

P:570.329.4989
E:dbennett () pct edu

ITS and Penn College will never solicit you for your username or password in an e-mail.



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David 
Curry
Sent: Monday, August 27, 2012 11:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password keepers

We use Thycotic's Secret Server (http://www.thycotic.com/products_secretserver_overview.html), which is server-based 
(Win2k8 + ASP.NET<http://ASP.NET> + SQL Server). It supports multi-user access, two-factor authentication, audit 
logging, and all that good enterprise-level stuff. We've been using it for a little over a year now and have been quite 
happy with it.



--

DAVID A. CURRY, CISSP * DIRECTOR OF INFORMATION SECURITY

THE NEW SCHOOL * 55 W. 13TH STREET * NEW YORK, NY 10011

+1 212 229-5300 x4728 * david.curry () newschool edu<mailto:david.curry () newschool edu>


On Mon, Aug 27, 2012 at 10:28 AM, Slocum, Stacy <sslocum () sjfc edu<mailto:sslocum () sjfc edu>> wrote:
Hello-

Could anyone share a best practice with regard to the storage and safe keeping of the collection of all system 
passwords?  Is using a keepass type application the best approach?  What about redundancy in the event you can't get to 
the stored list or it is corrupt?

Any advice and/or opinions would be very helpful.

Thanks
Stacy