Security Basics mailing list archives
RE: Password Storage
From: "Krpata, Tyler" <tkrpata () bjs com>
Date: Wed, 2 Aug 2006 10:48:36 -0400
Are you talking about passwords for shared accounts, I assume? If so, this question is a symptom of a different problem altogether. Otherwise, if you're talking about individual accounts, asking users to maintain separate passwords on many systems is a recipe for distaster. Some kind of centralized authentication solution is useful in these cases. -----Original Message----- From: Doug W [mailto:dougiegee () hotmail com] Sent: Tuesday, August 01, 2006 11:12 AM To: security-basics () securityfocus com Subject: Password Storage Hi Everyone What do people generally do in the case of password storage? For example, I strongly believe that storing passwords in documents is a terrible idea as I am sure you would agree. However, how do you account for having multiple support staff, possibly working off site, most with extremely bad memories (unfortunately), and in need of high level rights to fix systems etc. I also try to enforce that all actions are taken wtih the users own privileged account for auditing purposes but when building machines, installing software or troubleshooting problems, service accounts and administrations accounts may be required. Or, is this problem more universal than I think and forcing people to not document passwords will be an interesting challenge? D --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: Password Storage, (continued)
- Re: Password Storage Greg Merideth (Aug 03)
- Re: Password Storage Saqib Ali (Aug 04)
- Re: Password Storage Glenn English (Aug 03)
- Re: Password Storage Kenton Smith (Aug 03)
- Re: Password Storage guhus (Aug 02)
- Re: Password Storage info (Aug 02)
- Re: Password Storage c . brace (Aug 02)
- Re: Password Storage Needs More Longcat (Aug 03)
- RE: Password Storage Del Thompson (Aug 02)
- RE: Password Storage Dunigan, Michael (Aug 03)
- RE: Password Storage Krpata, Tyler (Aug 03)
- Re: RE: Password Storage krymson (Aug 03)
- Re: Re: Password Storage mail (Aug 03)
- Re: Password Storage Doug W (Aug 04)
- What to look in IIS Logs on daily basis Bhattacharya, Ananda (Aug 04)
- RE: Re: Password Storage BARRETT,WILL (Aug 04)
- Re: Password Storage e . m . baechle (Aug 04)
- Re: Password Storage Greg Merideth (Aug 03)