dorato99


Securing passwords

Hi,
I just wanted to find out how you guys store your passwords. We have approximately 20 passwords that we use. We currently use a Word document that is password protected, but the problem with that is it is easy to crack. How do you guys go about storing your passwords?
ASKER CERTIFIED SOLUTION
mdiglio
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Of course those were only suggestions....
I've never looked for a product that can do this, but perhaps someone else has one.
Also, if you find a program that you like that will store/manage passwords,
make sure you trust the manufacturer!
SOLUTION
rindi
Dorato might be talking about other passwords, not those used for admin accounts etc...
That is what I thought as well, perhaps BIOS passwords etc.
dorato99

ASKER

Well, you see, we have a web server, file and print server, firewall, ISA server, 2 domain controllers etc. These are only some of the computers. The thing is, not all of them have the same passwords, and we might not have to log on to a computer for maybe a month, and we forget the passwords. There are 5 IT people who should know these passwords, and if one forgets and no one is around, I would like a way where he can check the password from somewhere.
I have also thought of the paper in the safe option but was wondering if there was another way. Thx for all your replies, hope we can get some other comments.
Hello,
Is there any way possible to give the necessary rights to a group to perform these actions?
Then add these users to that group.
Then they only have to remember their own password.
It might take some time to go through and do this, but I think it will pay out quickly.

Another benefit of what I described ( or any variation of it )
is when someone leaves the company you can just disable their account and not
worry about the 20 other passwords he/she had memorized
The thing is there are no accounts apart from administrator (which has very limited rights) and another user which is the real admin. These computers are all locked in a computer room, but if you try to map these drives it asks for a password to enter it.
Hello,
To manage these computers you can run Computer Management and connect to the remote machine.
When this is opened you can then create/delete users and groups as you please.

There are several ways to run this, but one way is
start >> run >>  compmgmt.msc
When this opens, right click where it says 'computer management (local)' and choose connect to another computer.

First you will want to place all the users in question into a group using AD Users and Computers.

It's going to be some work, but it sounds like your current setup probably needs to be reorganized.

Hi dorato99,

From your comment (Date: 02/15/2005 01:26PM PST)
>> Well you see we have a web server, file ......

I would suggest one of the following:

1. Create a common administrative user for all the servers you wish to administer. Give a very simple user name like Joe Smith (or anything that is very innocuous - merges with most other common user accounts). Use an algorithm to derive the passwords (ref. mdiglio's advice, which is a good start). This way all the 5 IT people would have to remember only the username and the algorithm. The drawbacks with this system: a. common username & password (you break one, you have access to all - not a good idea from a security point of view), b. your IT people would need to 'remember' the username and the algorithm, c. it would be difficult to 'blame' anyone if something is broken :-) ... (the common username/password would not identify the actual person who caused the mischief from the log files), d. if one of the IT people leaves/resigns, you would need to put in place a new algorithm to derive a new password, and the rest of your IT people may not be around at the time and would not know of the changes.

2. The paper and safe box (that I mentioned earlier). The drawback here is: a. the physical key (how and where is it stored), b. making 5 or 6 copies of the key is again a security breach, c. if the server locations are at different places, you'll need that many safes.

3. This one is my favorite: for each of the 5 IT people, I create 5 separate admin accounts on each of these servers. This identifies each person who logs in to the server. The passwords for each user are different for each server. The actual user decides on the algorithm or passwords. (E.g. 3 servers: one webserver (WS1_INTERNAL_SJ), 1 domain server (DC1_INTERNAL_M1_SJ) and 1 firewall (FW1_WANLAN_SJ); admin username for the IT person dSolve_IT is mary_jane.) [dSolve_IT is me and I decide on the algorithm; I decide to use a combination of server name and my username. I decide on the first two characters of my username (2nd letter capitalised), then the 1st three characters of the server (in reverse order) and finally the last 2 characters of my name.] So, my passwords for the 3 servers would be mA1swne, mA1cdne and mA1wfne respectively, and I'm responsible for them. The other IT staff would similarly work out their own algorithm/password. Drawbacks: a. if the servers have only 3 - 4 user accounts, having 5 more admin accounts is not advisable, b. too much hassle initially setting this up, c. this takes paranoia to the next level :-)

Good Luck
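
The derivation rule from option 3, written out as an added example (not code from the thread) with the post's own username and server names; the function names are illustrative, and lower-casing the server part is inferred from the three passwords the post lists. It measures how much of each derived password is fixed or taken from names that are not secret, next to independent random passwords from Python's `secrets` module.

```python
import secrets
import string

# Inputs taken from the post's own worked example.
USERNAME = "mary_jane"
SERVERS = ["WS1_INTERNAL_SJ", "DC1_INTERNAL_M1_SJ", "FW1_WANLAN_SJ"]


def derive_password(username: str, server: str) -> str:
    """Rule from the post: first two username characters (second one
    capitalised), first three server characters reversed, last two
    username characters."""
    head = username[0] + username[1].upper()
    middle = server[:3][::-1].lower()  # assumption: the post lower-cases this part
    return head + middle + username[-2:]


def shared_characters(passwords: list[str]) -> int:
    """Count positions where every password has the same character."""
    return sum(len(set(column)) == 1 for column in zip(*passwords))


def random_password(length: int = 16) -> str:
    """Independent per-server password from the OS CSPRNG (hardened form)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def audit() -> dict:
    derived = [derive_password(USERNAME, s) for s in SERVERS]
    # Every character of a derived password comes from the username or the
    # server name, so the only secret is the rule itself.
    public = set(USERNAME.lower()) | {c for s in SERVERS for c in s.lower()}
    from_public = all(c.lower() in public for p in derived for c in p)
    return {
        "derived": derived,
        "shared_positions": shared_characters(derived),
        "all_chars_from_public_names": from_public,
    }


if __name__ == "__main__":
    report = audit()
    for server, pw in zip(SERVERS, report["derived"]):
        print(f"{server:20} {pw}")
    print("positions identical across servers:", report["shared_positions"])
    print("built only from public names:", report["all_chars_from_public_names"])
    print("random alternative:", random_password())
```

Five of the seven positions are identical on every server and the other two come straight from the host name, so a password generated independently per server and stored in the safe or a vault avoids tying all of one admin's passwords to a single rule.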
Well, we have finally decided to go with the safe option. The safe will be stored in the computer room, to which only IT admins have access, which is 5 people. The safe will have a touch pad. The codes will be written on a piece of paper which will be messed around such as mdiglio said. And there will also be a password protected CD which will have the same info as the paper kept in the safe.

Thx all for all your suggestions.
thanx, too.