Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Password Security and Distribution

  • From: McLean Pickett
  • Date: Tue Jan 24 11:29:29 2006

Jeremy -

I've not found a better solution than PGP. Perhaps more a formalized
process for communicating password updates proactively is all you need.
Ideally, distributing passwords at 3am is too late.

In the past I've used small password database programs on a network
share. You are then left with verbal or PGP encrypted communications to
distribute a single new password to access the database versus
distributing all of the changed passwords. If you're interested try
http://www.anypassword.com

There are others who read this list that prefer distributing passwords
on paper. You can't hack into a piece of paper :) and if you have
physical access to the paper then you most likely have physical access
to the network equipment as well...

McLean
 

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
Jeremy Stinson
Sent: Tuesday, January 24, 2006 10:49 AM
To: nanog@merit.edu
Subject: Password Security and Distribution


All,

Our company is starting to grow rather quickly and we are starting to
have growing pains. We are in the need for a better mechanism for
sharing passwords between our engineers. Most of these passwords are for
our client's systems where some of them are controlling the password
schemes (aka requiring shared user accounts). We have a process in which
we change passwords every X days but, distributing these passwords to
everyone who needs them is starting to become a challenge. Also, handing
off passwords to someone who is stepping in to help out at 3am securely
is not easy. I have tried to do google searches but I have not been able
to find a good way or process to do this. I am wondering if anyone has
any ideas on how to handle this?

In other companies we have used a PGP keyring to secure a text file that
contained all of these passwords and then put them onto a shared
customer portal. The problem with this strategy is what happens if you
are not on your computer where PGP is installed?

Any suggestions will be welcomed.

Thanks in advance,

Jeremy




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.