Educause Security Discussion mailing list archives
Re: Passwords
From: "Barton, Robert W." <bartonrt () LEWISU EDU>
Date: Thu, 15 Feb 2018 16:59:11 +0000
Morning, I thought we talked about this once before, but I can't find any of the emails from the conversation (may have been year plus). If anybody has them, and can share them, I had thought to do a spreadsheet for the group. Sound good?? Robert W. Barton Director of Information Security Lewis University One University Parkway Romeoville, IL 60446-2200 815-836-5663 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Andrew Chiarello Sent: Thursday, February 15, 2018 10:27 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Passwords We're using a centralized, on-premises password manager (Team Password Manager, http://teampasswordmanager.com/). We've been using it for a few years now and we're pretty happy with it. Each person in the tool has access to only the passwords for their group, but the rules by group can vary on who can create, edit, or manage their passwords. We do have a few accounts with administrator access to all the passwords if needed. Andrew Chiarello Senior Network Engineer Bryn Mawr College (610) 526-7966 achiarello () brynmawr edu<mailto:achiarello () brynmawr edu> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Madl, Michael Sent: Thursday, February 15, 2018 8:53 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Passwords Morning, Have a few questions on how your institution is managing IT passwords. These would include system admin accounts, service accounts with elevated access and other critical accounts. * Are you utilizing a centralized password manager? What is it? On-premise/Cloud? o If your answer is cloud what is your comfort level on uploading them to a provider? * If not centralized how are passwords managed in your decentralized environment? * How is access controlled to passwords? o Is there one person who has the keys to the kingdom? [CISO/ISO/CIO] or are your passwords accessed only as needed by defined roles? Does each area have a 'password manager'? Thanks in advance for you input and experience. MICHAEL MADL INFORMATION SECURITY OFFICER UNIVERSITY INFORMATION TECHNOLOGY INDIANA WESLEYAN UNIVERSITY 4201 SOUTH WASHINGTON STREET MARION, IN 46953 765.677.2688 | 765.677.2020 FAX michael.madl () indwes edu<mailto:mike.madl () indwes edu> [iwu] CONFIDENTIALITY NOTICE: This email, including applicable attachments, may include legally protected information. If you are not the intended recipient of this message, you may not disclose, print, copy, save, or disseminate this information. If you have received this email in error, please notify the sender by replying to this message and immediately delete this message. This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone at (815)-836-5950 and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.
Current thread:
- Passwords Madl, Michael (Feb 15)
- Re: Passwords Andrew Chiarello (Feb 15)
- Re: Passwords Barton, Robert W. (Feb 15)
- Re: Passwords Andrew Chiarello (Feb 15)