Password Storage for Fun and Profit?

adwb asks: "I work for a small company which performs network installations and support for clients in the Seattle area. We have a handful of network admins and programmers who go out to client's offices to solve problems as needed. A problem we have been trying to deal with is the various administrator passwords for different client networks at different domain levels. It seems the easiest solution is not the most secure: just dump every client's administrator password into a text file and store it in a secure network location inside our local domain. Can any of you experienced network admins recommend a method (either pre-built software or custom database/interface solution) of storing client authentication information in a way that can be easily accessed by our employees (preferably from any computer, including their Pocket PC's) but secure from the outside world?" For those of you interested in protecting your personal passwords, an answer might be found in this tidbit from jswinth, but there are issues here, too: "The wired article about Never Forget Another Password talks about the Just1Key service allowing all your passwords to be accessible from any PC. They use an applet and encrypt the password information before it leaves the local PC. What about when you cannot trust the PC, like when using a public terminal? I would hate to have all my passwords compromised because I couldn't remember my password to my free New York Times account at the library."

Here's what we do

[Anonymous+Crowhead]

We have an ecrypted text file stored locally with all passwords written on it like this:

1. password

2. password2

etc.

On an ssl, password protected web site not hosted by us, we have a web page with:

Server x, root, password #1

Server x, admin, password #2

etc.

The people who need it keep all or part of the printed out text file in their wallets. I'm sure someone will point out some flaw, but it is pretty disconnected.