Security Basics mailing list archives
RE: Password Manager Software recommendations
From: "Ackley, Alex" <aackley () epmgpc com>
Date: Fri, 4 May 2007 12:46:20 -0400
When we ran into this problem, our answer was to move to a two-factor authentication scheme. This scheme uses Aladdin's USB eTokens and their SSO software. The two together (with an internal PKI infrastructure) work just fine for this. The SSO is simply a program (small footprint) that resides on each user's machine that looks for applications to open. When it sees one that it has a template for, it looks on the token for the stored password (secured with the user's PIN and certificate) and puts it into the application's login box.

It's easy to set up and implement. If your users can handle using a token to log in, I recommend this setup. Other companies have similar products and they all fall in this little area between SOHO and Enterprise.

Alex Ackley, CISSP, GSEC
Security Administrator
EPMG, PC

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of BSD Dude
Sent: Thursday, May 03, 2007 8:44 PM
To: security-basics () securityfocus com
Subject: Password Manager Software recommendations

My users work with a fair number of systems and applications which require unique login credentials. As a result, I am actively looking for a password manager to help secure and organize these credentials for my end-users.

Having spent some time researching available commercial options, I have found basically two types of products: Enterprise level products that are primarily single sign-on solutions--which are not feasible in my environment; or Home user products that are basically all in one Internet security products--which are not suitable for my environment.

I am familiar with a few open source projects; however, there is a preference on the part of management to deploy a commercially supported/maintained solution; however, open source is not entirely out of the question (I really do not wish to start a debate on open vs. closed source security products).
The basic general requirements are:

- Easy to use for most non-technical end-users
- Small resource footprint
- Easy to deploy
- Use of AES, Twofish, and/or Blowfish algorithms
- Product must be actively supported/maintained for the foreseeable future (I am aware of the problems with this type of requirement)
- Suitable for business/enterprise (MS Windows) environments

I'd appreciate some feedback/recommendations from those admins who have traveled down this path before.