RE: Password Storage

["Krpata, Tyler" <tkrpata () bjs com>]

Are you talking about passwords for shared accounts, I assume? If so,
this question is a symptom of a different problem altogether.

Otherwise, if you're talking about individual accounts, asking users to
maintain separate passwords on many systems is a recipe for distaster.
Some kind of centralized authentication solution is useful in these
cases.

-----Original Message-----
From: Doug W [mailto:dougiegee () hotmail com] 
Sent: Tuesday, August 01, 2006 11:12 AM
To: security-basics () securityfocus com
Subject: Password Storage

Hi Everyone

What do people generally do in the case of password storage?  For
example, I 
strongly believe that storing passwords in documents is a terrible idea
as I 
am sure you would agree.

However, how do you account for having multiple support staff, possibly 
working off site, most with extremely bad memories (unfortunately), and
in 
need of high level rights to fix systems etc.

I also try to enforce that all actions are taken wtih the users own 
privileged account for auditing purposes but when building machines, 
installing software or troubleshooting problems, service accounts and 
administrations accounts may be required.

Or, is this problem more universal than I think and forcing people to
not 
document passwords will be an interesting challenge?

D



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------