Educause Security Discussion mailing list archives
Re: Password Management
From: Kevin Crider <kcrider () SKIDMORE EDU>
Date: Wed, 27 Feb 2019 15:50:31 +0000
The big diff for us is the portability of Keepass PLUS it's vulnerabilities. Being portable is a nice feature, but it also means someone can take the database file and you'd never know...and do all kinds of things with it... https://www.rubydevices.com.au/blog/how-to-hack-keepass 12 minutes to crack the master password. At least with a cloud service I can control it...turn it off...and monitor access. I love Keepass and agree it's way better than nothing...but IMO not much better than a spreadsheet... From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Maud, Phil Sent: Wednesday, February 27, 2019 10:06 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Password Management I've used keepass and have recommended it in the past It's a good price (free) and is pretty usable and most importantly isolated from the browser (which seems to be the source of numbers of password manager hacking attempts) I looked for encryption cracking against keepass and AFAIK it stands up pretty well - where I find vulnerabilities they seem to extend to other password managers as well (recent in memory password recovery being an example) The main argument I had about not using it commercially is that there is no master key which means that if a user loses their master password they have lost all their passwords in one go and no one in IT can undo that for them It's a basic password manager but better than no password manager... Regards Phil Maud Information Security Analyst Information Services, Building 63 (IT) G7 E: P.H.Maud () cranfield ac uk<mailto:P.H.Maud () cranfield ac uk> T: +44 (0) 1234 75 4879 From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of William D Sanders Sent: Monday, February 25, 2019 12:06 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Password Management Is anyone using KeePass? I've used it before in a non-education environment, and it worked well for us. I'd love to hear about anyone's experience with it. Thanks, Dan From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Greg Williams Sent: Monday, February 25, 2019 10:55 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Password Management Looks like this topic hasn't been discussed in a while (~2 years). We *have* had around 100 users in LastPass Enterprise for our IT department for the past 4 years. This is the 4th year in a row that the price has increased 100% year over year. It was $8/year/user 4 years ago. So over 4 years $8*2*2*2 = ~62/year/user today. What is everyone else using these days? Are you using DUO with it as well? Thanks! Greg Williams, ME Director of Operations Office of Information Technology Lecturer Department of Computer Science University of Colorado Colorado Springs 1420 Austin Bluffs Parkway, (EPC 136A) Colorado Springs, CO 80918 Phone: (719) 255-3292 Connect: Skype<skype:gwillia5 () uccs edu?chat> | WebEx<https://uccs.webex.com/meet/gregwilliams> www.uccs.edu<http://www.uccs.edu/>
Current thread:
- Re: Password Management, (continued)
- Re: Password Management Chad Tracy (Feb 25)
- Re: Password Management Douglas R. Lomsdalen (Feb 25)
- Re: Password Management Ken Connelly (Feb 25)
- Re: [External] Re: [SECURITY] Password Management Gregg, Christopher S. (Feb 25)
- Re: Password Management William D Sanders (Feb 25)
- Re: Password Management Frank Barton (Feb 25)
- Re: Password Management Austin Bollinger (Feb 25)
- Re: Password Management Kevin Crider (Feb 27)
- Re: Password Management Barton, Robert W. (Feb 27)
- Re: Password Management Maud, Phil (Feb 27)
- Re: Password Management Kevin Crider (Feb 27)
- Re: Password Management Maud, Phil (Feb 27)
- Re: Password Management Barton, Robert W. (Feb 27)
- Re: Password Management Gunnells, David H (Feb 27)
- Re: Password Management Kevin Crider (Feb 27)
- Re: Password Management Frank Barton (Feb 25)
- Re: Password Management Chad Tracy (Feb 25)
- Re: Password Management Austin Bollinger (Feb 25)
- Re: Password Management Greg Williams (Feb 25)
- Re: Password Management Austin Bollinger (Feb 25)
- Re: Password Management Pardonek, Jim (Feb 26)
- Re: [External] Re: [SECURITY] Password Management Gregg, Christopher S. (Feb 26)