Educause Security Discussion mailing list archives

Re: Password Storage


From: Taylor Randle <TRandle () PARKER EDU>
Date: Thu, 17 Nov 2016 22:27:03 +0000

Hi Thomas,

All editions of Secret Server have the ability to schedule backups of the database/IIS directory – in addition, an 
admin can perform a plain text export of all “secrets” in a printable format – which could be stored in a safe/lock 
box/etc. We’re happy enough simply backing up the database/IIS dirs (very) regularly and keeping the backups in a 
separate location. The paid versions also support clustering/HA (as an add-on) but we have not seen the need to go that 
direction just yet.

As far as having everything in one basket, we’ve seen more benefit than risk so far. Centralizing the storage of 
passwords simplifies auditing and ensures compliance with password policies, etc. Then there’s the scenario where 
someone leaves the University and there’s a mad scramble to change the passwords they had access to or get into some 
third party account they used their creds for. Secret Server allows us to quickly determine what passwords they had 
access to with a simple report – and even delete all those passwords in one click – although that seems pretty extreme.

Hope this helps.

~Taylor

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Thomas 
Carter
Sent: Thursday, November 17, 2016 3:51 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Storage

I’ve looked into Thycotic; does the “all in one basket” aspect concern you? A problem with the server (corruption / 
failure / etc) and you have no passwords? What DR options do you have with your vault?

Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David 
Curry
Sent: Thursday, November 17, 2016 9:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Storage

We are also using Thycotic Secret Server and have been for four or five years now. We've had it in a "high 
availability" configuration (basically an active/passive failover configuration) for about three years. We don't use 
the automatic password change functionality (one of these days...), but we have a few dozen people from three different 
teams using the vault on a daily basis and it works quite well.

Support is always a pleasure to work with; I usually just do upgrades with one of their folks over a GoToMeeting screen 
share, and it goes smoothly. Integrating it with our two factor solution was easy as well (they have out-of-the-box 
support for pure RADIUS solutions like SecurID; our solution requires a little extra).

--Dave





--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.curry () newschool edu

[The New School]

On Thu, Nov 17, 2016 at 10:18 AM, Jones, Justin <jucjones () iu edu> wrote:
My department, we use KeePass, it’s decent, but I personally use 1Password, and they have 1Password for teams now.

Justin Jones
VPR Information Technology Support (VPR IT)
Office of the Vice President for Research
IT Support Specialist – Team Lead
980 Indiana Ave
Office:  2214 Lockefield Village
317-274-8962


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Green
Sent: Thursday, November 17, 2016 10:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Storage

Bill,

Are you allowing others on campus to use the personal version, or are you using the enterprise version for your campus?


Thanks,

-C.

Chris Green
Information Security Officer
University of Texas at Tyler
cgreen () uttyler edu



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barnes, 
William
Sent: Thursday, November 17, 2016 9:00 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Storage

I’m personally using LastPass, and I’ve been recommending it to people here that ask for a password manager.


Thanks!
--Bill
*************************************************************************
* Bill Barnes, RHCE, CISSP
* Manager of Technology Support Services
* and Library Network Administrator
* Technology Support Services
* Bloomsburg University
* ph: 570-389-2813
* e-mail: wbarnes () bloomu edu
*************************************************************************


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin 
Crider
Sent: Thursday, November 17, 2016 9:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password Storage

Does anyone have any recommendations for password storage?

We’re evaluating Keeper (which we’ve heard some disparaging things about their support), and LastPass.


Thanks,

Kevin

--
Kevin Crider
Director, Enterprise Systems
Skidmore College
815 North Broadway
Saratoga Springs, NY 12866
518.580.5929
kcrider () skidmore edu


