Monday, March 28, 2011

P@$$W0rD$

As a young naive network admin I thought I could remember everything about everything.  Writing things down, especially passwords, was a waste of time and a security problem.  Well, as things often do, my view on this has come full circle.

Password management is an important part of network documentation.  Without a plan, two things happen.  First, you forget that rarely used password for the oddball piece of equipment in the back closet of the back room of the building into which no one ever goes.  Unfortunately, the day after you forget all about it, it acts up and you have to get to its command line quickly to fix the problem.  Second, you end up with a lot of systems sharing the exact same username and password combination.  This means that when you have to share the password with a technician who doesn't normally need access, you will have to reset the password everywhere.  Oh, and you do remember everywhere it needs to be reset, right?

Both of those scenarios were about keeping yourself in the loop, but password management is also important in the event of a loss of personnel.  I often refer to this as the "What if Ben is hit by a bus tomorrow?" information: what someone will need to run things if I die or am otherwise no longer at the company.  I really don't want the company sending Jack Bauer into my ICCU room to coerce the passwords out of me while I'm doped up for pain or something.

My solution to managing passwords, both professionally and personally, is to use an application that creates an encrypted file containing all of the passwords.  There are two such software packages (both open source) that I have used.  The first is PasswordSafe and the other is KeePass.  I personally have settled on KeePass because the application is available for Linux (using Mono), Windows and iOS (Apple, not Cisco).  I have two files, one for work and one for home.  The iPhone app is synchronized manually using a built-in web server over the phone's Wi-Fi connection.  I use Dropbox to synchronize the files between computers.
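To make concrete what "an encrypted file containing all of the passwords" means, here is a minimal vault written for this post as an added example. It is not KeePass or PasswordSafe code and not their file format (both use their own; KeePass files use AES). It uses only the Python standard library: the master password is stretched with PBKDF2, the entries are encrypted with an HMAC-SHA256 keystream, and the file is authenticated so a wrong master password or a modified file yields nothing rather than garbage. The file layout, field sizes and the sample entry are all constructed here.

```python
import hashlib, hmac, json, os, struct
from typing import Optional

# Constructed file layout: MAGIC | iterations (4 bytes) | salt (16) | nonce (16)
# | ciphertext | HMAC tag (32).  Not a real password-manager format.
MAGIC = b"DEMOVAULT1"
HEADER_LEN = len(MAGIC) + 4 + 16 + 16

def _keys(master: str, salt: bytes, iterations: int) -> tuple:
    """Stretch the master password into an encryption key and a MAC key.
    The iteration count is the work factor an offline attacker must repeat
    per guess once the file is in their hands (e.g. from a sync service)."""
    km = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations, dklen=64)
    return km[:32], km[32:]

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (symmetric)."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + struct.pack(">Q", block), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def seal(entries: dict, master: str, iterations: int = 200_000) -> bytes:
    """Serialize the vault and return the encrypted, authenticated file bytes."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(master, salt, iterations)
    ct = _keystream_xor(enc_key, nonce, json.dumps(entries).encode())
    header = MAGIC + struct.pack(">I", iterations) + salt + nonce
    tag = hmac.new(mac_key, header + ct, "sha256").digest()  # encrypt-then-MAC
    return header + ct + tag

def open_vault(blob: bytes, master: str) -> Optional[dict]:
    """Return the entries, or None if the password is wrong or the file was altered."""
    if len(blob) < HEADER_LEN + 32 or not blob.startswith(MAGIC):
        return None
    iterations = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])[0]
    salt = blob[len(MAGIC) + 4:len(MAGIC) + 20]
    nonce = blob[len(MAGIC) + 20:HEADER_LEN]
    ct, tag = blob[HEADER_LEN:-32], blob[-32:]
    enc_key, mac_key = _keys(master, salt, iterations)
    expected = hmac.new(mac_key, blob[:-32], "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong master password or tampered file: reveal nothing
    return json.loads(_keystream_xor(enc_key, nonce, ct))

# Constructed sample entry for the oddball closet switch.
SAMPLE = {"closet-switch": {"user": "admin", "password": "example-only"}}
```

Everything an attacker holding the file needs is the master password, so the file's safety on a server you don't control is bounded by that password's strength and the iteration count; raising `iterations` slows each guess for them as much as it slows each open for you.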

4 comments:

  1. That's probably something a lot of IT people, myself included, don't exactly follow best practice on.

  2. I myself use PasswordSafe and have for years for my personal life. I highly recommend it, but have been looking for a more portable one (Linux and iOS), so will have to take a look at KeePass.

    Also, do you trust your password file being kept on a server that you do not control? It is encrypted for sure, but given enough time anything can be decrypted, imo.

  3. I don't keep my high value KeePass on Dropbox, just the one with passwords for various low value sites.
