Educause Security Discussion mailing list archives
Re: Password Storage
From: Taylor Randle <TRandle () PARKER EDU>
Date: Thu, 17 Nov 2016 22:27:03 +0000
Hi Thomas,

All editions of Secret Server have the ability to schedule backups of the database/IIS directory – in addition, an admin can perform a plain text export of all “secrets” in a printable format – which could be stored in a safe/lock box/etc. We’re happy enough simply backing up the database/IIS dirs (very) regularly and keeping the backups in a separate location. The paid versions also support clustering/HA (as an add-on) but we have not seen the need to go that direction just yet.

As far as having everything in one basket, we’ve seen more benefit than risk so far. Centralizing the storage of passwords simplifies auditing and ensures compliance with password policies, etc. Then there’s the scenario where someone leaves the University and there’s a mad scramble to change the passwords they had access to or get into some third party account they used their creds for. Secret Server allows us to quickly determine what passwords they had access to with a simple report – and even delete all those passwords in one click – although that seems pretty extreme.

Hope this helps.

~Taylor

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Thomas Carter
Sent: Thursday, November 17, 2016 3:51 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Storage

I’ve looked into Thycotic; does the “all in one basket” aspect concern you? A problem with the server (corruption / failure / etc) and you have no passwords? What DR options do you have with your vault?
Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Curry
Sent: Thursday, November 17, 2016 9:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Storage

We are also using Thycotic Secret Server and have been for four or five years now. We've had it in a "high availability" configuration (basically an active/passive failover configuration) for about three years. We don't use the automatic password change functionality (one of these days...), but we have a few dozen people from three different teams using the vault on a daily basis and it works quite well.

Support is always a pleasure to work with; I usually just do upgrades with one of their folks over a GoToMeeting screen share, and it goes smoothly. Integrating it with our two factor solution was easy as well (they have out-of-the-box support for pure RADIUS solutions like SecurID; our solution requires a little extra).

--Dave

--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.curry () newschool edu

On Thu, Nov 17, 2016 at 10:18 AM, Jones, Justin <jucjones () iu edu> wrote:

My department, we use KeePass, it’s decent, but I personally use 1Password, and they have 1Password for teams now.
Justin Jones
VPR Information Technology Support (VPR IT)
Office of the Vice President for Research
IT Support Specialist – Team Lead
980 Indiana Ave
Office: 2214 Lockefield Village
317-274-8962

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Green
Sent: Thursday, November 17, 2016 10:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Storage

Bill,

Are you allowing others on campus to use the personal version, or are you using the enterprise version for your campus?

Thanks,
-C.

Chris Green
Information Security Officer
University of Texas at Tyler
cgreen () uttyler edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barnes, William
Sent: Thursday, November 17, 2016 9:00 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Storage

I’m personally using lastpass, and I’ve been recommending it to people here that ask for a password manager.

Thanks!
--Bill

*************************************************************************
* Bill Barnes, RHCE, CISSP
* Manager of Technology Support Services
* and Library Network Administrator
* Technology Support Services
* Bloomsburg University
* ph: 570-389-2813
* e-mail: wbarnes () bloomu edu
*************************************************************************

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin Crider
Sent: Thursday, November 17, 2016 9:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password Storage

Does anyone have any recommendations for password storage?
We’re evaluating Keeper (which we’ve heard some disparaging things about their support), and Last Pass.

Thanks,
Kevin

--
Kevin Crider
Director, Enterprise Systems
Skidmore College
815 North Broadway
Saratoga Springs, NY 12866
518.580.5929
kcrider () skidmore edu