Re: securing password list

[Joerg Over Dexia <over () dexia de>]

Am 17:52 18.03.2004 -0000 teilte beevoo8 () hotmail com mir
folgendes mit:
->
->
->In my job I have a number of username/passwords to various
websites and machines that I must keep track of.  I was
soliciting ideas on how to store these passwords securely.  
->Encrypting them with a passphrase seems counterproductive since
the file may not be accessed for a while and the passphrase might
be forgotten.  Would biometrics be a safer idea? What security
methods do you use to secure a list such as this? 

I'm keeping my bundle with pwsafe, originally by Bruce Schneier,
now at sourceforge
(http://sourceforge.net/projects/passwordsafe/). About the
passphrase being forgotten... yeah. That happens. And, with real
encryption, that's bad. No real solution to that, except if you
count on biometrics like you mentioned, but that's an entirely
separate discussion (having been on this list a couple of times,
check the archives. It's almost as annoying as the "shoot the
portscanner" discussion.).

What about keeping them on a USB-stick if you can't trust your
memory? Or keeping a note with the passphrase to the file in a
safe place (chances are, you don't need it as often as the
website passwords)?

Regards, JO

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------