Security Basics mailing list archives

Re: NOC password management


From: FocusHacks <focushacks () gmail com>
Date: Thu, 15 Mar 2007 08:07:25 -0500

I've seen encrypted text files with GnuPG.  This seems to be a common
way to do it.  You need to make sure that procedure is followed
regarding passphrase strength on each user's private key (or use the
same private key and passphrase for all users) as well as handling
cleartext.  The users should never save a clear copy of the document.

The above is a solution I've seen employed at several places I've
worked.  My current employer uses a homebrew solution that works
really well.  Unfortunately, I do not feel comfortable disclosing the
details, but it's no more nor less effective than the solution I
mentioned above.

On 3/14/07, List Subscriptions <lists.canuck.eh () gmail com> wrote:
As the security administrator I constantly get complaints from the
network admins about how hard it is to remember all the passwords.
What are the best practices for enterprise password management?  What
products are available?  They came to me with Mandylion labs password
management token (http://mandylionlabs.com/).  Has anyone used this
product or have any insight into the best solution?

Thanks in advance



--
http://www.FocusHacks.com - The Ford Focus Modification Site!
http://www.focushacks.com/focushacks-gpg.txt - My GPG encryption key

