Educause Security Discussion mailing list archives
Re: Passwords
From: Andrew Chiarello <achiarello () BRYNMAWR EDU>
Date: Thu, 15 Feb 2018 16:27:07 +0000
We're using a centralized, on-premises password manager (Team Password Manager, http://teampasswordmanager.com/). We've been using it for a few years now and we're pretty happy with it. Each person in the tool has access to only the passwords for their group, but the rules by group can vary on who can create, edit, or manage their passwords. We do have a few accounts with administrator access to all the passwords if needed. Andrew Chiarello Senior Network Engineer Bryn Mawr College (610) 526-7966 achiarello () brynmawr edu From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Madl, Michael Sent: Thursday, February 15, 2018 8:53 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Passwords Morning, Have a few questions on how your institution is managing IT passwords. These would include system admin accounts, service accounts with elevated access and other critical accounts. * Are you utilizing a centralized password manager? What is it? On-premise/Cloud? o If your answer is cloud what is your comfort level on uploading them to a provider? * If not centralized how are passwords managed in your decentralized environment? * How is access controlled to passwords? o Is there one person who has the keys to the kingdom? [CISO/ISO/CIO] or are your passwords accessed only as needed by defined roles? Does each area have a 'password manager'? Thanks in advance for you input and experience. MICHAEL MADL INFORMATION SECURITY OFFICER UNIVERSITY INFORMATION TECHNOLOGY INDIANA WESLEYAN UNIVERSITY 4201 SOUTH WASHINGTON STREET MARION, IN 46953 765.677.2688 | 765.677.2020 FAX michael.madl () indwes edu<mailto:mike.madl () indwes edu> [iwu] CONFIDENTIALITY NOTICE: This email, including applicable attachments, may include legally protected information. If you are not the intended recipient of this message, you may not disclose, print, copy, save, or disseminate this information. If you have received this email in error, please notify the sender by replying to this message and immediately delete this message.
Current thread:
- Passwords Madl, Michael (Feb 15)
- Re: Passwords Andrew Chiarello (Feb 15)
- Re: Passwords Barton, Robert W. (Feb 15)
- Re: Passwords Andrew Chiarello (Feb 15)