Educause Security Discussion mailing list archives

Re: Password keepers

From: David Curry <david.curry () NEWSCHOOL EDU>
Date: Mon, 27 Aug 2012 11:17:33 -0400

We use Thycotic's Secret Server (
http://www.thycotic.com/products_secretserver_overview.html), which is
server-based (Win2k8 + ASP.NET + SQL Server). It supports multi-user
access, two-factor authentication, audit logging, and all that good
enterprise-level stuff. We've been using it for a little over a year now
and have been quite happy with it.


--

*DAVID A. CURRY, CISSP* • DIRECTOR OF INFORMATION SECURITY

*THE NEW SCHOOL* • 55 W. 13TH STREET • NEW YORK, NY 10011

+1 212 229-5300 x4728 • david.curry () newschool edu




On Mon, Aug 27, 2012 at 10:28 AM, Slocum, Stacy <sslocum () sjfc edu> wrote:

 Hello-****

** **

Could anyone share a best practice with regard to the storage and safe
keeping of the collection of all system passwords?  Is using a keepass type
application the best approach?  What about redundancy in the event you
can’t get to the stored list or it is corrupt?****

** **

Any advice and/or opinions would be very helpful.****

** **

Thanks****

Stacy****

Current thread:

Password keepers Slocum, Stacy (Aug 27)
- Re: Password keepers SCHALIP, MICHAEL (Aug 27)
  - Re: Password keepers Joel Rosenblatt (Aug 27)
- Re: Password keepers Shamblin, Quinn (Aug 27)
- Re: Password keepers David Curry (Aug 27)
  - Re: Password keepers Daniel Bennett (Aug 27)
- Re: Password keepers Shawn Kohrman (Aug 27)
- Re: Password keepers Clifford Collins (Aug 27)
  - Re: Password keepers Dave Koontz (Aug 27)
- Re: Password keepers Josh Drummond (Aug 27)
- <Possible follow-ups>
- Re: Password keepers Woodruff, Dan (Aug 27)
  - Re: Password keepers Cappalli, Tim G @ LSC-OIT (Aug 27)