How do you store and manage passwords at work?

Sp33dFr33k

I've been places where they used expensive software to manage passwords, and I've been some places where it's a spreadsheet on an IT server.

I'm looking for something now that can be hosted internally and doesn't need internet access to work. This would be for no more than 5 users and would store all of our internal logins/passwords.

What are you using in your environment?
 
In my case, we do not use shared password ever.

We also use LastPass, which requires internet access, but I heard great things about KeePass.
 
Authanvil? http://www.scorpionsoft.com/

I personally use keepass, but where 5 people are logging in, I don't see how that would work (1 person updates a password and the other 5 don't see it if the database file isn't updated, file locking, etc).
 
LastPass Enterprise and SecretServer are the two I'm most familiar with. I'm sure you don't want people having certain access they shouldn't have and Keepass isn't exactly meant for a multi-user environment and a spreadsheet doesn't let you limit such controls.
 
Authanvil? http://www.scorpionsoft.com/

I personally use keepass, but where 5 people are logging in, I don't see how that would work (1 person updates a password and the other 5 don't see it if the database file isn't updated, file locking, etc).

If you save the KeePass extension file in a cloud based platform (Dropbox, Google Drive) then this works great. I've been using KeePass this way for a while. Whenever a change is made it's synced automatically.
 
If you want a network based version with permission levels use secret server.

If you don't care who sees what, use keepass
 
If you don't care who sees what, use keepass

Assuming you're using a master key (in the least), this is not a problem with KeePass. Only the people who have the master key have access.

If you have some passwords that you want only 1/2 the department to have access to, you make secondary KeePass databases. (We have 3, and I also have my own personal one.)
 
Assuming you're using a master key (in the least), this is not a problem with KeePass. Only the people who have the master key have access.

If you have some passwords that you want only 1/2 the department to have access to, you make secondary KeePass databases. (We have 3, and I also have my own personal one.)

Where do you go to make the second password in keepass?
 
Where do you go to make the second password in keepass?

File > Change Master Key.

You can only have 1 master key (for each database), but it can be used in conjunction with the other security methods (user account [not recommended] or key file).

My suggestion would be again to have different KeePass databases. You can take the 1 existing one, copy and paste that file, rename it, and then open it in KP, remove what you don't want those other employees to have, and then change the master key for it as well.

Half the department gets the 'half access' file with 1 master key; the rest of the department (senior/managers etc) gets the full access file with a different master key.

Again, we have 3 here (though mainly only 2 are used). They have them split up with different info in each; one is an Admin KP database, the other is store support, the 3rd is older stuff. My personal one, I have one that I use with everything, and then I have one saved out on the public drives that is only my work entries (but nothing personal) that way the rest of the department can load that if they want without getting all of my other stuff (like my [H] login ;)).
 
I use KeePass, but it is only great for one user access at a time.

LastPass fixes that problem and more (allows you to set access levels for children accounts), but costs a subscription fee for their service.
 
Currently a couple of my clients are using 1Password, which really isn't cutting it for business use, but there's only 3 of us using it so it almost works out. For personal use I love it and can't see me changing any time soon. But on the business side I'm struggling to find a nice solution to multi-user password management.

The directors do not want to use a paid service and store everything in the 'cloud' due to potential security risks. Would be interested to see how others manage this :)

Have been at a few companies which simply store everything in an unencrypted db/Excel spreadsheet!
 
I use KeePass, but it is only great for one user access at a time.

?

Not sure how you're using it, but we have ours out on public shares, and usually 3 people have the same db open at the same time. :confused:

That being said, yeah, 2+ can't have it open and all have write access, but you can have 2+ with read access.
 
?

Not sure how you're using it, but we have ours out on public shares, and usually 3 people have the same db open at the same time. :confused:

That being said, yeah, 2+ can't have it open and all have write access, but you can have 2+ with read access.
That's what I meant.
 
Something is wrong when your company is too cheap to spring for $10/month for an enterprise-grade solution.
 
At work we use a program called PINs. At home I wrote a simple PHP/MySQL web interface. I originally used PINs too, but when I switched to Linux I decided I wanted something web based so it works from anywhere (well, I have to VPN to my network if I'm not on it). It's kinda crude though: my login password is basically the encryption key, so if I change my password I have to re-encrypt everything. Probably a better way of doing it.
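The "re-encrypt everything on a password change" problem in the post above comes from using the login password directly as the data key. The standard fix is key wrapping: encrypt the entries under a random data-encryption key (DEK), and store only that DEK wrapped under a key derived from the password (KEK). A password change then re-wraps the 64-byte DEK and leaves every entry untouched, and a wrong password is detected by the authentication tag on the wrapped DEK rather than by garbage coming out of the decryptor. The following is an added illustration, not the poster's PHP code: it is Python 3 standard library only, using scrypt for the KDF and an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag as a stand-in for a real AEAD such as AES-GCM; the names `Vault`, `seal`, `unseal` and `derive_kek` are invented here.

```python
import hashlib
import hmac
import os
import secrets


def derive_kek(password: str, salt: bytes) -> bytes:
    """Derive a 64-byte key-encryption key (KEK) from the login password.

    scrypt is memory-hard, which makes offline guessing against a stolen
    vault file expensive. Bytes 0..31 encrypt, bytes 32..63 authenticate.
    """
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=64)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a PRF-based stream cipher.

    Stand-in for a library AEAD (AES-GCM / ChaCha20-Poly1305) so the
    example runs with the standard library alone.
    """
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a 64-byte key. Returns nonce || ciphertext || tag."""
    enc_key, mac_key = key[:32], key[32:]
    nonce = os.urandom(16)                      # fresh per message, never reused
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; wrong key -> ValueError."""
    enc_key, mac_key = key[:32], key[32:]
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed (wrong password or corrupted data)")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


class Vault:
    """Entries are encrypted under a random DEK; only the DEK is tied to the password."""

    def __init__(self, salt: bytes, wrapped_dek: bytes):
        self.salt = salt                # salt for the password KDF
        self.wrapped_dek = wrapped_dek  # DEK sealed under the password-derived KEK
        self.entries = {}               # name -> sealed secret (under the DEK)

    @classmethod
    def create(cls, password: str) -> "Vault":
        dek = secrets.token_bytes(64)   # random; never derived from the password
        salt = os.urandom(16)
        return cls(salt, seal(derive_kek(password, salt), dek))

    def unlock(self, password: str) -> bytes:
        """Unwrap the DEK; raises ValueError if the password is wrong."""
        return unseal(derive_kek(password, self.salt), self.wrapped_dek)

    def put(self, password: str, name: str, secret: str) -> None:
        self.entries[name] = seal(self.unlock(password), secret.encode("utf-8"))

    def get(self, password: str, name: str) -> str:
        return unseal(self.unlock(password), self.entries[name]).decode("utf-8")

    def change_password(self, old_password: str, new_password: str) -> None:
        dek = self.unlock(old_password)           # proves the old password first
        self.salt = os.urandom(16)                # new salt for the new KEK
        self.wrapped_dek = seal(derive_kek(new_password, self.salt), dek)
        # self.entries is untouched: nothing needs re-encrypting


if __name__ == "__main__":
    # Constructed sample usage, not real credentials.
    v = Vault.create("old-login-pw")
    v.put("old-login-pw", "core-switch", "example-secret")
    v.change_password("old-login-pw", "new-login-pw")
    print(v.get("new-login-pw", "core-switch"))  # entries still readable
```

Only the wrapped DEK and its salt change on a password change, so the same pattern lets several users each hold their own wrapped copy of one DEK (one wrap per user password), and revoking a user means deleting that user's wrap and rotating the DEK, which is the piece a PHP/MySQL front end would add on top of this.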
 
Don't have them on a computer at all. Make laminated password cards, like these:

http://www.passwordcard.org/en

And keep in mind you can start your password with any character on the card, in any direction (forwards, backwards, diagonal). Make them ubiquitous so if someone loses one, they can just grab another. All they need to remember is where the passwords they use start and in what direction they go. The cards are useless to anyone else if they are lost or stolen; they can be left out in plain view for anyone to see. Just don't be dumb and mark your password beginnings on the card.
 
Don't have them on a computer at all. Make laminated password cards, like these:

http://www.passwordcard.org/en

And keep in mind you can start your password with any character on the card, in any direction (forwards, backwards, diagonal). Make them ubiquitous so if someone loses one, they can just grab another. All they need to remember is where the passwords they use start and in what direction they go. The cards are useless to anyone else if they are lost or stolen; they can be left out in plain view for anyone to see. Just don't be dumb and mark your password beginnings on the card.

That is brilliant, yet, so simple! You just have to remember the line/direction (which is not that hard if you use it every day) and you are set. Heck, if you want to always use the same line/direction you just change the card once in a while.
 
I use MS OneNote. I keep not only the passwords, but other useful stuff like How-To or Network maps, or Vendor information. It is nice cause everything you could possibly need is in one place pretty much. If I were to just up and quit today my replacement would pretty much have everything they need to know in my OneNote.
 
I've taken a look at AuthAnvil. That may work well for us. Most of the other tools seem to focus solely on storing passwords for websites (maybe I'm wrong about that). We just need a vault to store passwords locally that can then be accessed by a few people. Having two-factor authentication would be a good feature as well.
 
In my case, we do not use shared password ever.

We also use LastPass, which requires internet access, but I heard great things about KeePass.

Wasn't LastPass compromised earlier this year or last?

Cloud = bad idea to host your passwords.

Keepass or other locally hosted system.
 
Encrypted Excel File


Just kidding, I don't know what we use. But we advise clients to use CyberArk.
 
PasswordSafe for me. I use it in combination with PasswdSafe and PasswdSafeSync on my Android device, utilizing Google Drive for storing the password file and all backups. Sync it across 4 devices without issue!
 
Display them on national TV for all to see. The Brazilian World Cup's security center did the latest in about half a dozen such events:

brazilfail.png


http://www.esecurityplanet.com/wire...team-accidentally-reveals-wi-fi-password.html
 
Don't have them on a computer at all. Make laminated password cards, like these:

http://www.passwordcard.org/en

And keep in mind you can start your password with any character on the card, in any direction (forwards, backwards, diagonal).

So I printed one of them out, showed it to a colleague of mine and he said:

"Dude, that's like 40 characters on a line, that's way too long to type in all the time."

Then there was an awkward pause, during which I tried to get over being stunned, which was followed by me saying:

"Well, you could just use the first 8 characters if that's what you want to do."

Which was followed by another awkward pause after which he said "Oh..." and I said "Yea ...." and that was the end of that discussion. Good times!
 
We recently moved from KeePass to PasswordState, which is server based.

How do you like it so far? Does it do a good job of providing a way to allow many users access to the program while only allowing them to view their own passwords? From reading their site, it looks promising.
 
I used to keep strong passwords for work like: Kd4!!dns78F$0ad91. I'd change it once in a while.

Then the brilliant IT director made the policy that everyone has to change their PW every 30 days. Now my password is "Happy1", when that expires, "Happy2" and so on.
 