Password storage system



  • I was hoping that I'd be able to get a good recommendation on a product here :D

    I'm looking for a password storage system that stores all passwords encrypted in some description, is usable by multiple users and preferably has some access control capability and is easy to backup.

     I do realise that I want the world here ;)

    Thanks in advance for any help

     

    Peter 



  •  I don't get what you want. Are you looking for something to store all your passwords for you so you don't have to remember your password for 100 different sites?   Or are you looking for a way to store passwords for some application you are building?



  • Basically a secure system to store all the different passwords we have (not for sites as such, but for our systems) 



  •  Come to think of it we could use something like that as well, but I've never bothered to look. My first port of call would be SourceForge.



  • A quick search for "password manager" came up with several possibilities, but I've never used them so I can't recommend any in particular.  However, I'm curious:  If you're going to consolidate all passwords in one place (presumably all recoverable by a single password), wouldn't it be just as secure to use that same password on all of the systems?  Actually, a program like this seems even riskier because a single crack would reveal all of the passwords plus a handy list of systems where they work.

     



  •  I'd recommend KeePass, it has some features you need



  • I think the key difference is if we are securing them, we know they are encrypted. If you use the same password everywhere can you guarantee that everybody else hashes them?



  • @NullAndVoid said:

    A quick search for "password manager" came up with several possibilities, but I've never used them so I can't recommend any in particular.  However, I'm curious:  If you're going to consolidate all passwords in one place (presumably all recoverable by a single password), wouldn't it be just as secure to use that same password on all of the systems?

    Some systems have mutually contradicting requirements for passwords (e.g. one requires a mix of exactly 8 numbers, upper- and lowercase letters, another only accepts letters but requires at least 10). Some systems require you to change the password regularly. And most importantly (if it's for general use rather than just company-internal systems): do you really want the owner of any dinky web forum you use to know your online banking password?



  • @DOA said:

     Come to think of it we could use something like that as well, but I've never bothered to look. My first port of call would be SourceForge.

    Bruce Schneier's Password Safe? I use that one, though it's single-user it seems.

    At one of my older jobs, we had a "master password" for some sensitive stuff. So what I did was to actually build a simplistic "password encrypter" which generates a random key for AES-128, encrypts your password, uses the "master password" SHA1 hash to XOR the encryption key and saves that alongside the encrypted password.

    We then saved the encrypted string (which was base64-encoded) in an Excel worksheet which was viewable by everyone. It seemed to be secure enough for us...
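
Added example, not part of the original post or the poster's code: the key-wrapping step described in the post above (SHA-1 of the master password XORed over a random AES-128 key), next to a salted PBKDF2 variant with an HMAC check. The AES encryption of the password itself is left out, and the function names, the 16-byte truncation of the SHA-1 digest and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_sha1(master: str, data_key: bytes) -> bytes:
    """Wrap as the post describes: data key XOR SHA-1(master password)."""
    # Assumption: the 20-byte digest is cut to 16 bytes to match AES-128.
    mask = hashlib.sha1(master.encode()).digest()[:16]
    # The mask is identical for every row, and a wrong master password
    # unwraps to a wrong key without any error being raised.
    return xor(data_key, mask)


unwrap_sha1 = wrap_sha1  # XOR is its own inverse


def derive(master: str, salt: bytes, iterations: int):
    """Stretch the master password into a 16-byte mask and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations, dklen=48)
    return okm[:16], okm[16:]


def wrap_pbkdf2(master: str, data_key: bytes, iterations: int = 200_000) -> dict:
    """Hardened variant: per-record salt, slow KDF, integrity tag."""
    salt = secrets.token_bytes(16)
    mask, mac_key = derive(master, salt, iterations)
    wrapped = xor(data_key, mask)
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "wrapped": wrapped, "tag": tag}


def unwrap_pbkdf2(master: str, rec: dict) -> bytes:
    mask, mac_key = derive(master, rec["salt"], rec["iterations"])
    expected = hmac.new(mac_key, rec["salt"] + rec["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, rec["tag"]):
        raise ValueError("wrong master password or modified record")
    return xor(rec["wrapped"], mask)


if __name__ == "__main__":
    key = secrets.token_bytes(16)  # constructed stand-in for the random AES-128 key
    rec = wrap_pbkdf2("constructed master password", key)
    print(unwrap_pbkdf2("constructed master password", rec) == key)
```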



  •  ZDNet's password pro is a good one and free I think. Master password protected database of usernames/passwords with extra fields for comments etc.



  • Citrix Password Manager maybe, although I'm sure it wouldn't be as cost effective as some of the other suggestions here.



  • A small paper notebook and a pencil does the trick for me.

    For added security also carry a lighter or a box of matches (unless you like the taste of paper).



  • @NullAndVoid said:

    Actually, a program like this seems even riskier because a single crack would reveal all of the passwords plus a handy list of systems where they work.
     

    Depends.  If only a high level person (or two) has access to the master password and system, secondary passwords can be recovered if needed but are only given out to those who perform limited functions.   Fire someone, change that one password, (or the master password and every single other one, in the event that the password guy carries a bottle of rootbeer everywhere.)

