Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Open Source Multi-User Password Management?

Posted by timothy on from the login-admin-password-blank dept.

An anonymous reader writes "I work in a network environment that requires multiple people to have access to numerous Wireless Access Keys, iTunes/iCloud accounts/passwords, hardware appliance logins, etc. I'm attempting to replace the ever popular 'protected' excel spreadsheet that exists in almost every network with all usernames and passwords just waiting to be discovered. Are there any open source, multi-user, secure and preferably Linux-based password management tools that the Slashdot community would recommend?"

5 of 198 comments (clear)

  1. Re:Better than the last place I worked at by jtownatpunk.net · · Score: 4, Interesting

    I once had a job where the list was kept on a printed page stored in a locked filing cabinet (no, it wasn't in the basement).

  2. VIM+OpenSSL by Anonymous Coward · · Score: 3, Interesting

    http://www.vim.org/scripts/script.php?script_id=2012

    Unlike and better than the majority of the password-saferizers out
    there, this keeps your passwords in a file which is both decryptable
    with standardized tools and in a human readable format (assuming
    you typed human readable usernames/passwords in the first place!)

    Ten years from now you'll still be able to decrypt your files, and you
    can share them with people who don't have the editor plugin.

  3. My password tool is completely unhackable... by JetScootr · · Score: 4, Interesting

    It's called pencil and paper. I have a notebook, and all pwds are encoded there. I have 4 simple rules for modifying what I write into what I type in. An example rule you could use is "Real pwds use only even digits; Passwords are written with all ten digits, odd digits are ignored". 2-4 simple rules will make it unhackable even for someone with physical control of passbook. (Never write down the rules - keep them in yer head).
    To keep the rules fresh, use different passwords and uids for every single app or website possible. You'll always be rehearsing the rules in yer head, you won't forget them.
    Here's an example from my current set: pwd= "RhinoPott=amus" Rule 1,3
    I'll bet you can't guess the real password in 10,000 tries. You don't know rules 1 or 3, which modify what's written. Go ahead, give me 10000 tries in a text file - I'll let you know if you get it.
    This really really works - I've been doing this way since the 1980's, and haven't misplaced a properly coded pwd yet.

    --
    Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
    1. Re:My password tool is completely unhackable... by pnot · · Score: 3, Interesting

      So how does your system apply to the original question -- sharing the passwords among multiple users? Do you all copy out the relevant parts of each other's notebooks and memorize each other's rules? Or do you tell each other the unencrypted passwords and re-encrypt them individually using personal rule-sets?

  4. Re:KeePassX by Sam+the+Nemesis · · Score: 3, Interesting

    I keep it on a USB drive.

    Better still, I keep my DB on Dropbox, so it is available anywhere I go - no need to carry USB pen drive.