Slashdot Mirror

← Back to Stories (view on slashdot.org)

Password Storage for Fun and Profit?

Posted by Cliff on from the accessible-but-secure dept.

adwb asks: "I work for a small company which performs network installations and support for clients in the Seattle area. We have a handful of network admins and programmers who go out to client's offices to solve problems as needed. A problem we have been trying to deal with is the various administrator passwords for different client networks at different domain levels. It seems the easiest solution is not the most secure: just dump every client's administrator password into a text file and store it in a secure network location inside our local domain. Can any of you experienced network admins recommend a method (either pre-built software or custom database/interface solution) of storing client authentication information in a way that can be easily accessed by our employees (preferably from any computer, including their Pocket PC's) but secure from the outside world?" For those of you interested in protecting your personal passwords, an answer might be found in this tidbit from jswinth, but there are issues here, too: "The wired article about Never Forget Another Password talks about the Just1Key service allowing all your passwords to be accessible from any PC. They use an applet and encrypt the password information before it leaves the local PC. What about when you cannot trust the PC, like when using a public terminal? I would hate to have all my passwords compromised because I couldn't remember my password to my free New York Times account at the library."

4 of 75 comments (clear)

  1. Roboform! by fm6 · · Score: 4, Informative

    Check out RoboForm. Snarfs up passwords, automatically enters them for you. Passwords can be saved to Palm, PocketPC, or USB key. Supports Firefox.

  2. Here's what we do by Anonymous+Crowhead · · Score: 4, Interesting

    We have an ecrypted text file stored locally with all passwords written on it like this:

    1. password

    2. password2

    etc.

    On an ssl, password protected web site not hosted by us, we have a web page with:

    Server x, root, password #1

    Server x, admin, password #2

    etc.

    The people who need it keep all or part of the printed out text file in their wallets. I'm sure someone will point out some flaw, but it is pretty disconnected.

  3. Two open source solutions by lucidvein · · Score: 4, Informative

    http://keepass.sourceforge.net/
    The program stores your passwords in a highly encrypted database. This database consists of only one file, so it can be easily transferred from one computer to another.

    KeePass supports password groups, you can sort your passwords (for example into Windows, Internet, My Homepage, etc.). You can drag-n-drop passwords into other windows. The powerful auto-type feature will type usernames and passwords for you into other windows. The program can export the database to various formats (like TXT, HTML, XML, CSV, ...). It can also import data from various other formats (Password Safe v2 TXT files, CSV files, ...).

    http://passwordsafe.sourceforge.net/
    Password Safe is a tool that allows you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords. Password Safe runs on PCs under Windows (95/98/NT/2000/XP). An older (but fully functional) version is available for PocketPC. Linux/Unix clones that use the same database format have also been written (see Related Projects).

    --

    "I have a cunning plan..."

  4. Paper... by joto · · Score: 5, Funny
    You see, there is a form of written communication that predates the computer, and is very secure once you've taken care of the physical security. It is also portable, easy to carry, does not require electricity, or any form of advanced machinery. It will survive in temperatures from far below human tolerance, to +70 celcius. It can be damaged by exposure to water, but because of it's flexible form, can easily be stored in an airtight container. This miracle medium is called: PAPER!

    You write the passwords you need on a piece of paper. If there are lots of passwords to be remembered, an electronic device called a "printer "can transfer the passwords from a computer at your office building to the paper.

    The paper is carried by the admin to whatever clients he need to go to. Once at the client, he fetches this piece of paper, and use his eyes to retrieve the passwords he need. The passwords are typed manually by the admin into the clients computer.

    As your admin finishes his job, the paper containing the passwords can be easily destroyed. A device specifically made for this, called a "paper shredder" exists in many offices, and your admin is likely to find one at the clients office.

    If a client does not have a paper shredder, the admin may choose to use the fallback solution of tearing apart the paper with his hands, followed by flushing it down the toilet. Another solution is to ignite the paper with a device called a "lighter", something that can usually be found at the back entrance of the clients building (just ask one of the smokers there).

    I hope this suggestion helps!