Security Basics mailing list archives

RE: securing password list

From: "Dan Denton" <ddenton () PAYLESSOFFICE com>
Date: Fri, 19 Mar 2004 12:02:09 -0600

I keep out password lists in an off-network linux box in a secured room,
for which only I know the password. Of course if anyone else gains
access to the room they could snag the whole CPU, but it's unlikely
here. I also keep a weekly backup on floppy in a locked firesafe.

-----Original Message-----
From: beevoo8 () hotmail com [mailto:beevoo8 () hotmail com] 
Sent: Thursday, March 18, 2004 11:52 AM
To: security-basics () securityfocus com
Subject: securing password list

In my job I have a number of username/passwords to various websites and
machines that I must keep track of.  I was soliciting ideas on how to
store these passwords securely.  

Encrypting them with a passphrase seems counterproductive since the file
may not be accessed for a while and the passphrase might be forgotten.
Would biometrics be a safer idea? What security methods do you use to
secure a list such as this? 

Any suggestions would be appreciated.

------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

securing password list beevoo8 (Mar 19)
- Re: securing password list Joerg Over Dexia (Mar 22)
- Re: securing password list Steven Joerger (Mar 22)
- Re: securing password list E.Kellinis (Mar 22)
- <Possible follow-ups>
- RE: securing password list Dan Denton (Mar 19)
  - Re: securing password list Michael Gale (Mar 22)
- Re: securing password list E.Kellinis (Mar 22)
- RE: securing password list Josh Mills (Mar 22)
- RE: securing password list Andrew Shore (Mar 22)
- RE: securing password list Jeremy McBane (Mar 24)
  - RE: securing password list David Gillett (Mar 25)
- RE: securing password list Fahr, Sam@HHSDC-SFIS (Mar 25)