Educause Security Discussion mailing list archives
Re: Password keepers
From: Josh Drummond <jdrummon () UCI EDU>
Date: Mon, 27 Aug 2012 12:46:45 -0700
For personal / single user use I recommend to people the free LastPass (http://www.lastpass.com) solution. The best balance of strong security and convenient usability I've seen. For shared / multi-user use in enterprise I recommend the free open-source WebPasswordSafe (http://www.webpasswordsafe.net) solution [full disclosure: as the author I'm a bit biased]. It is a cross-platform Java web application server you can customize the strong security controls and deploy to fit your environment.
Either way, to fully answer your question, encrypted digital offsite backups with the key separate from the data out-of-band is the way to go. But if immediate availability in disaster is a huge risk for you where a digital solution can't be depended on, printing unencrypted export (both of the above solutions support that) physical copy and keeping it safe with your usual physical security controls (sealed envelope, locked, access log, cameras, etc) is what you are left with.
Thanks, ~Josh On 8/27/12 7:28 AM, Slocum, Stacy wrote:
Hello-Could anyone share a best practice with regard to the storage and safe keeping of the collection of all system passwords? Is using a keepass type application the best approach? What about redundancy in the event you can't get to the stored list or it is corrupt?Any advice and/or opinions would be very helpful. Thanks Stacy
-- *Josh Drummond* Manager - IT Security & Architecture Office of Information Technology University of California, Irvine Email: jdrummon () uci edu <mailto:jdrummon () uci edu> Phone: 949.824.9574
Current thread:
- Password keepers Slocum, Stacy (Aug 27)
- Re: Password keepers SCHALIP, MICHAEL (Aug 27)
- Re: Password keepers Joel Rosenblatt (Aug 27)
- Re: Password keepers Shamblin, Quinn (Aug 27)
- Re: Password keepers David Curry (Aug 27)
- Re: Password keepers Daniel Bennett (Aug 27)
- Re: Password keepers Shawn Kohrman (Aug 27)
- Re: Password keepers Clifford Collins (Aug 27)
- Re: Password keepers Dave Koontz (Aug 27)
- Re: Password keepers Josh Drummond (Aug 27)
- <Possible follow-ups>
- Re: Password keepers Woodruff, Dan (Aug 27)
- Re: Password keepers Cappalli, Tim G @ LSC-OIT (Aug 27)
- Re: Password keepers SCHALIP, MICHAEL (Aug 27)