Solved

Procedure / process to manage a password envelope / pouch

Posted on 2014-01-22
Last Modified: 2014-02-06
To safeguard accounts and passwords for use in the event of an emergency,
server passwords are stored in a folded and stapled sheet of paper called
a password pouch.

Can anyone share some of the procedures for administering the password pouches?
4 Comments
LVL 29

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 400 total points
ID: 39802026
Use Password Box instead. All the passwords can be stored there and then assigned through the Legacy Locker section.
LVL 64

Accepted Solution

by:btan
btan earned 1240 total points
ID: 39802094
Some also refer to the pouch as a password wallet. Eventually it is a file itself, so as a whole it should be able to maintain:

a) Confidentiality - it should also stay encrypted at rest, even if it resides on a shared drive. Ensure temp files are not left behind; use secure wipe.

b) Access control - allow only authorised and authenticated users access upon successful verification.

c) Integrity - a signature is maintained across all version changes so that it can be validated as untampered, and an audit log is available to vouch for changes (who, when and what changed, as applicable). A tampered or corrupted wallet should alert and escalate to the admin promptly.

d) Availability - ensure that it is made accessible via the valid software and machine designated to host the wallet. There should be an alert if the wallet is reported missing, so that it can be removed or replaced. It is likely to be abused as well, even by a privileged admin, hence ensure no shared accounts if possible. Self-reset should be validated by the user and not via the helpdesk only.

In general, the hosting machine should be hardened and the wallet restricted to that machine so that it is not exportable, unless authorised for machine changes due to circumstances like hardware changes, etc.

The recovery process should be made available so that the user will not be denied access for a long period. There is also single sign-on, but I leave it out...

Also some references which may be useful:

Password Management Best Practices @ http://hitachi-id.com/password-manager/docs/password-management-best-practices.html

...some password management guidelines to follow: Hitachi ID Systems Best Practices
Very insecure systems, such as those that use little or no cryptography to protect passwords, should not participate in a password synchronization system.

Synchronized passwords should be changed regularly, on the assumption that either some in-scope systems are vulnerable or that passwords may be compromised through non-digital means (social engineering, etc.).

Users should be required to select strong (hard to guess) passwords when synchronization is introduced.

Guide to Enterprise Password Management (NIST Special Publication 800-118) @ http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf

The following items are general recommendations for using password management software:

  • Set the software's timeout feature so that access to the passwords will be automatically locked after an idle period, such as five minutes.

  • Clear the buffer after the password is copied and pasted (many password management software programs do this automatically).

  • Back up the password database periodically, especially after a password is changed. If the computer's copy of the password database becomes corrupted or something adverse happens to the computer, the user can get the passwords from the backup copy of the password database.

  • Use a strong master password that is not easily guessable or crackable, or an alternate form of authentication that is stronger than a password.

  • Password management software should protect the confidentiality of stored passwords using FIPS-approved algorithms and implementations.
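To make the properties in the accepted answer concrete, here is an added example, written for this page and not posted by anyone in the thread, of a minimal digital "password pouch": the entries are sealed at rest under keys derived from a master passphrase, the seal (MAC) is verified before anything is decrypted, and every seal and break-glass open is written to a hash-chained audit log so that editing either the pouch or the log is detected. Everything in it is an illustration: the pouch is an in-memory dict, AUDIT_LOG stands in for an append-only log on the hardened host, and an HMAC-SHA256 counter-mode keystream stands in for a real authenticated cipher such as AES-GCM, which the Python standard library does not provide. The availability and idle-timeout items are not covered here.

```python
"""Added example (not from the thread): a sealed, auditable 'password pouch'.
Illustration only: the HMAC keystream below stands in for a real AEAD (AES-GCM)."""
import hashlib
import hmac
import json
import secrets
import time

AUDIT_LOG: list = []      # constructed in-memory stand-in for an append-only audit log
_GENESIS = "0" * 64       # chain anchor for the first audit entry


def _audit(action: str, actor: str, version: int, result: str, reason: str = "") -> dict:
    """Append an entry whose hash also covers the previous entry's hash (hash chaining),
    so editing or deleting any earlier entry breaks verify_audit_chain()."""
    entry = {"ts": time.time(), "action": action, "actor": actor,
             "version": version, "result": result, "reason": reason,
             "prev": AUDIT_LOG[-1]["hash"] if AUDIT_LOG else _GENESIS}
    entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
    AUDIT_LOG.append(entry)
    return entry


def verify_audit_chain() -> bool:
    """Recompute every entry's hash and its link to the previous entry."""
    prev = _GENESIS
    for entry in AUDIT_LOG:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body["prev"] != prev:
            return False
        if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


def _derive_keys(master: str, salt: bytes) -> tuple:
    """scrypt (stdlib) stretches the master passphrase into separate encryption and MAC keys.
    Work factors are illustrative; raise them for a real deployment."""
    km = hashlib.scrypt(master.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for a real cipher, not a recommendation."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_pouch(master: str, entries: dict, actor: str, version: int = 1) -> dict:
    """Encrypt-then-MAC the entries. The version, salt and nonce are covered by the MAC,
    so none of them can be swapped without detection. Returns a JSON-able dict."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _derive_keys(master, salt)
    plain = json.dumps(entries, sort_keys=True).encode()
    ct = bytes(p ^ k for p, k in zip(plain, _keystream(enc_key, nonce, len(plain))))
    header = {"version": version, "salt": salt.hex(), "nonce": nonce.hex(), "ct": ct.hex()}
    tag = hmac.new(mac_key, json.dumps(header, sort_keys=True).encode(), hashlib.sha256).hexdigest()
    _audit("seal", actor, version, "ok")
    return {**header, "tag": tag}


def open_pouch(master: str, pouch: dict, actor: str, reason: str) -> dict:
    """Break-glass open: verify the MAC before decrypting. A failed check (tampered pouch or
    wrong passphrase; the two are indistinguishable here) is logged as an alert and raised."""
    salt, nonce = bytes.fromhex(pouch["salt"]), bytes.fromhex(pouch["nonce"])
    enc_key, mac_key = _derive_keys(master, salt)
    header = {k: pouch[k] for k in ("version", "salt", "nonce", "ct")}
    expected = hmac.new(mac_key, json.dumps(header, sort_keys=True).encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pouch["tag"]):
        _audit("open", actor, pouch["version"], "TAMPER-ALERT", reason)
        raise ValueError("pouch integrity check failed: escalate to admin")
    ct = bytes.fromhex(pouch["ct"])
    plain = bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))
    _audit("open", actor, pouch["version"], "ok", reason)
    return json.loads(plain)


if __name__ == "__main__":
    # Constructed sample entries and a hypothetical incident reference for the demo run.
    sealed = seal_pouch("correct horse battery staple", {"db01/root": "s3cret"}, "alice")
    print(open_pouch("correct horse battery staple", sealed, "bob", "INC-0001 on-call restore"))
    print("audit chain intact:", verify_audit_chain())
```

The point of the design is that the seal is checked before any decryption and that every failed check leaves a log entry the tamperer cannot quietly remove; the same structure applies whether the pouch is a file on a hardened host or a record in a commercial password manager.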
LVL 9

Assisted Solution

by:jfer0x01
jfer0x01 earned 360 total points
ID: 39816904
Password pouch? Seems old school and subject to simple theft, water damage, etc.

Maybe it's time to use a software-based password manager. Try KeePass.
Site: http://keepass.info/

One very long passphrase to store all the passwords you would normally keep in the pouch, and free.

Hope this helps.

Jfer
LVL 64

Assisted Solution

by:btan
btan earned 1240 total points
ID: 39817089
KeePass is not bad either; a good list is available here too.
http://www.dmoz.org/Computers/Security/Products_and_Tools/Password_Tools/

LastPass is another - https://lastpass.com/features_free.php