Educause Security Discussion mailing list archives

Re: Passwords


From: Andrew Chiarello <achiarello () BRYNMAWR EDU>
Date: Thu, 15 Feb 2018 16:27:07 +0000

We're using a centralized, on-premises password manager (Team Password Manager, http://teampasswordmanager.com/). We've 
been using it for a few years now and we're pretty happy with it.

Each person in the tool has access to only the passwords for their group, but the rules by group can vary on who can 
create, edit, or manage their passwords. We do have a few accounts with administrator access to all the passwords if 
needed.

Andrew Chiarello
Senior Network Engineer
Bryn Mawr College
(610) 526-7966
achiarello () brynmawr edu



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Madl, 
Michael
Sent: Thursday, February 15, 2018 8:53 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Passwords

Morning,

Have a few questions on how your institution is managing IT passwords.  These would include system admin accounts, 
service accounts with elevated access and other critical accounts.


* Are you utilizing a centralized password manager?  What is it? On-premise/Cloud?
  o If your answer is cloud what is your comfort level on uploading them to a provider?
* If not centralized how are passwords managed in your decentralized environment?
* How is access controlled to passwords?
  o Is there one person who has the keys to the kingdom? [CISO/ISO/CIO] or are your passwords accessed only as needed
    by defined roles?  Does each area have a 'password manager'?

Thanks in advance for your input and experience.



MICHAEL MADL
INFORMATION SECURITY OFFICER
UNIVERSITY INFORMATION TECHNOLOGY

INDIANA WESLEYAN UNIVERSITY
4201 SOUTH WASHINGTON STREET
MARION, IN 46953

765.677.2688   |   765.677.2020 FAX
michael.madl () indwes edu

CONFIDENTIALITY NOTICE: This email, including applicable attachments, may include legally protected information.  If 
you are not the intended recipient of this message, you may not disclose, print, copy, save, or disseminate this 
information. If you have received this email in error, please notify the sender by replying to this message and 
immediately delete this message.

