Educause Security Discussion mailing list archives

Re: Password keepers


From: Clifford Collins <collinsc () FRANKLIN EDU>
Date: Mon, 27 Aug 2012 13:16:56 -0400

We use Password Manager Pro from ManageEngine. We have it in an active/passive configuration that allows high 
availability (active service at one data center and the passive/standby at the other data center). It allows for both 
departmental and personal accounts and a variety of access options based on role and group memberships. An access log 
is maintained to allow auditing (including justification and approval (optional) for access) and regulatory compliance, 
and it works with both local and central authentication (Active Directory/LDAP) support. 

For us, the tough part is getting people to discipline themselves to populate and maintain system passwords. 

http://www.manageengine.com/products/passwordmanagerpro/ 

Clifford A. Collins 
Information Security Officer 
Franklin University 
201 South Grant Avenue 
Columbus, Ohio 43215 
"Security is a process, not a product" 
----- Original Message -----
From: "Stacy Slocum" <sslocum () SJFC EDU> 
To: SECURITY () LISTSERV EDUCAUSE EDU 
Sent: Monday, August 27, 2012 10:28:38 AM 
Subject: [SECURITY] Password keepers 




Hello- 



Could anyone share a best practice with regard to the storage and safe keeping of the collection of all system 
passwords? Is using a KeePass-type application the best approach? What about redundancy in the event you can’t get to 
the stored list or it is corrupt? 



Any advice and/or opinions would be very helpful. 



Thanks 

Stacy
