  1. #1
    New Coder
    Join Date
    Nov 2014
    Posts
    13
    Thanks
    0
    Thanked 0 Times in 0 Posts

    How do you securely manage privileged passwords?

    It is difficult to securely manage access to thousands of privileged accounts. In our organization, I noticed that the passwords to privileged accounts are often the same on many systems and rarely (if ever) changed. I know there are serious consequences to these password management practices; there is no accountability for use of shared, privileged accounts. This is both a security / regulatory compliance problem and a problem with diagnosing operational problems. Are there several technological approaches to more securely manage server privileged passwords?

  2. #2
    New Coder
    Join Date
    May 2006
    Posts
    36
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have never been in a position of managing other people's passwords.

    I am curious: how do you know how secure or insecure all these passwords are?
    Are you the IT/security person for this organization?

    Regardless of the fact some of these passwords may be the same across systems, I think a more important aspect is the security of the database in which they are saved. If they are saved in a Word document without a password, I would be very concerned. Even with a password, that still wouldn't be secure. The same can be said of, say, an Excel spreadsheet or any other popular program. The database in which all this information is saved must be encrypted by the best encryption routines currently available, and the best security practices must be followed.

    A couple of years ago, I recall (I think!), LinkedIn was hacked and it was learned that they weren't salting user names. So once the hackers established a pattern, getting more info became easier and easier. It is factors like this that have to be considered.


    On a personal level, for myself, I use a password manager. There are many free and paid options available, and they offer extremely strong encryption options. Plus they can generate difficult-to-crack passwords and they don't use just a password to open, but a pass phrase. Since I have about 100 accounts for things, it is much easier to save this info where it is strongly encrypted.
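
An added example, not written by either poster: it shows how a credential store without per-record salts reveals which privileged accounts share a password (the situation described in the first post), and how a random salt plus a slow key-derivation function hides that while verification still works. The account names, passwords and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample data: two hosts share one privileged password.
ACCOUNTS = {
    "root@db01": "Winter2014!",
    "root@web01": "Winter2014!",
    "admin@fw01": "c0rrect-horse-battery",
}
ITERATIONS = 200_000  # assumed work factor; tune for your hardware

def unsalted_store(accounts):
    """Weak form: one fast, unsalted hash per account."""
    return {n: hashlib.sha256(p.encode()).hexdigest() for n, p in accounts.items()}

def salted_store(accounts):
    """Hardened form: random 16-byte salt per record and PBKDF2-HMAC-SHA256."""
    store = {}
    for name, password in accounts.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        store[name] = (salt, digest)
    return store

def verify(store, name, candidate):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = store[name]
    attempt = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)

def reuse_groups(hashes_by_account):
    """Group accounts whose stored hash is identical (what a leaked table exposes)."""
    groups = defaultdict(list)
    for name, value in hashes_by_account.items():
        groups[value].append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    print("unsalted reuse:", reuse_groups(unsalted_store(ACCOUNTS)))
    salted = salted_store(ACCOUNTS)
    print("salted reuse:  ", reuse_groups({n: d for n, (_, d) in salted.items()}))
    print("login still works:", verify(salted, "root@db01", "Winter2014!"))
```

Salting only hides the reuse in the stored hashes; the shared password itself still has to be replaced with a unique one per system.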

