I have a few questions:
1. What hardware key are you using?
2. What do you use to administer that hardware key?
3. Is this a USB key or some kind of fob with a display?
4. Does the key expire after a determined amount of time?
5. How much has it cost you to implement this solution?
6. How much resources does it take?
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Kelly Prescott Sent: Friday 5 August 2016 15:13 To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org> Subject: Re: [Blind-sysadmins] On the Topic of Passwords
I use YubiKeys and an encrypted storage space for all my credentials. I have to have a hardware token, and remember one long master phrase and then I can get into any of my other information. Yes, this took me years to perfect, but it works well and I am not tied to one system. For example, I use public keys for ssh, certificates for vpn(s) and 2-factor authentication for most Microsoft systems I use. I use random password generators to gen long passwords, and as they are stored in my encrypted storage, I do not have to deal with someone else's cloud-based manager which might be compromised. I have several different keys and I have backups securely stored in case of disaster with my primary hardware tokens or credentials.
kp
On Thu, 4 Aug 2016, Billy Irwin wrote:
Hi Vick,
I am running an AD here but I agree with you. My web hosting business is all CentOS. I have many dedicated and virtual environments to maintain credentials for. I've not found one out there that does what I want as it regards sharing the access to these credentials.
Thanks,
Billy
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of vic.pereira@ssc-spc.gc.ca Sent: Thursday, August 4, 2016 10:02 AM To: blind-sysadmins@lists.hodgsonfamily.org Subject: Re: [Blind-sysadmins] On the Topic of Passwords
If you don't mind putting all of your eggs into one basket Microsoft's Active Directory is useable. But this ties you to all of their networks and systems. Our challenge is that we have a plethora of systems ranging from Microsoft to Oracle to Lotus Notes to Netware and the list goes on.
Vic Pereira Project Manager, Networks and End-Users Branch Shared Services Canada / Government of Canada vic.pereira@ssc-spc.gc.ca / Tel: 204-781-5046 Gestionnaire de projet, Direction des réseaux et des utilisateurs finaux Services partagés Canada / Gouvernement du Canada vic.pereira@ssc-spc.gc.ca / Tél: 204-781-5046
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Billy Irwin Sent: Thursday, August 04, 2016 08:46 To: jheim@math.wisc.edu; Blind sysadmins list Subject: Re: [Blind-sysadmins] On the Topic of Passwords
Hi Guys,
What would be a good accessible password manager?
Thanks,
Billy
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of John G Heim Sent: Wednesday, August 3, 2016 10:48 AM To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org> Subject: Re: [Blind-sysadmins] On the Topic of Passwords
But as a systems admin, you're running into way more sensitive issues than ethical hacking. For instance, a typical email administrator has way more temptations to deal with than you'd get from knowing how to hack into someone's machine. As the systems admin for the file server and the database server in my department, there is nothing I can't get to. I would never poke around in that stuff though. If I did that, I couldn't look at myself in the mirror every morning. Well, I can't do that anyway but I'd be like, "If I could see you, I'd be ashamed."
On 08/03/2016 08:45 AM, Katherine Moss wrote:
In regards to the Post-it notes thing ... drives me nuts. I love password managers. I'd love to do ethical hacking courses too, but then the temptation would be too great to mess with my techie friends. The issue then becomes, when does a harmless prank turn into a legal battle?
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of vic.pereira@ssc-spc.gc.ca Sent: Wednesday, August 03, 2016 9:22 AM To: jheim@math.wisc.edu; blind-sysadmins@lists.hodgsonfamily.org Subject: [Blind-sysadmins] On the Topic of Passwords
Many departments we support have several systems. These all require their own passwords that expire at different times. They also have different requirements for complexity.
For some reason the people who develop policies around these issues feel that it is more secure keeping everything isolated than it is to have the tools in place to synchronise all the login accounts and passwords.
The tech guys who are our boots on the ground keep saying that these behaviours have made their jobs a lot easier. When they need to troubleshoot and resolve issues often the person putting in the request is not at their workstation. Because of all the systems being stand alone, it is amazing how often it is possible to find user accounts and passwords on posted notes under people's keyboards.
Vic Pereira
Project Manager, Networks and End-Users Branch Shared Services Canada / Government of Canada vic.pereira@ssc-spc.gc.ca / Tel: 204-781-5046
Gestionnaire de projet, Direction des réseaux et des utilisateurs finaux Services partagés Canada / Gouvernement du Canada vic.pereira@ssc-spc.gc.ca / Tél: 204-781-5046
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
-- -- John G. Heim; jheim@math.wisc.edu; sip://jheim@sip.linphone.org