I wouldn't recommend it for corporate enterprise use, but Bruce
Schneier has suggested that individuals treat passwords the same way
they treat every other bit of personally important or valuable
data...put it in your wallet.

He suggested that, since it's best practice not to use the same
password at multiple sites, you write down your passwords for
sites on a piece of paper and store it with your other valuables.
Then, when you lose your wallet, you go through the exact same
procedure you do when you cancel the other important bits like credit
cards.

--Matt


On Sun, May 15, 2011 at 7:56 PM, Tracy Reed <[email protected]> wrote:
> On Sat, May 14, 2011 at 10:49:27PM -0400, Greg R spake thusly:
>> On Sat, 14 May 2011 19:44:42 -0400, Tracy Reed <[email protected]>
>> > What do you mean by "root password prefix"?
>>
>> I ran into something like this before. The password is an acronym with
>> substitutions:
>>
>> "Fred is no longer working here April 9th" =  F1NLw#49
>
> Implemented that way, it really doesn't seem so bad and I do similar although I
> wonder how many then go on to use that same "secure" password on multiple
> systems.
>
> I was thinking it might be something like what one shop I am familiar with
> does:
>
> "Fred Is Fired" = FIF
>
> mailserver password = FIF_mail
>
> fileserver password = FIF_file
>
> database password = FIF_data
>
> and so on.
>
> The prefix (same on every machine) then an underscore followed by the first
> four letters of the hostname. For the record, I recognize this as a really bad
> idea. They are even an e-commerce shop so credit card data is involved. I am
> working on getting this changed but they have been told "never write down
> passwords." so there has been resistance. There are password keeper programs
> which use a master password to encrypt the list of passwords but those work
> better for personal use: If we have to change or add a server root password I
> don't want to have to get everyone to update their personal lists. I am leaning
> towards a GPG encrypted file on an internal server somewhere as is my standard
> practice although if The Boss, who has no command line skills, wants access to
> it also for purely territorial reasons as he has no legitimate reason, that may
> be an issue.
>
> I'm sure this is a common problem. What do the rest of you do?
>
> --
> Tracy Reed
>



-- 
LITTLE GIRL: But which cookie will you eat FIRST?
COOKIE MONSTER: Me think you have misconception of cookie-eating process.
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/
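A defender-side check prompted by the "prefix plus first four letters of the hostname" scheme Tracy describes, written here as an added example rather than code from anyone in the thread: given your own list of hosts and their root passwords, it flags every group whose passwords are one shared stem followed by the host fragment, since knowing any one of those passwords reveals the rest. The host names and passwords below are constructed.

```python
"""Audit a shared credential list for hostname-derived passwords.

Flags the scheme discussed in the thread: a common prefix, a separator,
then the first four letters of each hostname ("FIF_mail", "FIF_file").
"""

SUFFIX_LEN = 4  # the scheme in the thread uses the first four letters


def host_fragment(hostname: str) -> str:
    """Short (unqualified) host name, lowercased, cut to SUFFIX_LEN."""
    return hostname.split(".")[0].lower()[:SUFFIX_LEN]


def password_stem(hostname: str, password: str):
    """Return what is left of the password once the host fragment is removed
    from its end (plus any '_', '-' or '.' separator), or None if the
    password does not end with the host fragment at all."""
    frag = host_fragment(hostname)
    if not frag or not password.lower().endswith(frag):
        return None
    return password[: -len(frag)].rstrip("_-.")


def find_derivable(entries):
    """entries: iterable of (hostname, password) pairs.

    Returns {stem: [hostnames]} for every stem shared by two or more hosts.
    Each such group is mutually derivable: one leaked password plus the
    hostnames gives away the others, which is the weakness the thread names.
    """
    by_stem = {}
    for host, password in entries:
        stem = password_stem(host, password)
        if stem is not None:
            by_stem.setdefault(stem, []).append(host)
    return {stem: hosts for stem, hosts in by_stem.items() if len(hosts) >= 2}


# Constructed sample inventory; the last two use unrelated passwords.
SAMPLE = [
    ("mailserver.example.internal", "FIF_mail"),
    ("fileserver.example.internal", "FIF_file"),
    ("database.example.internal", "FIF_data"),
    ("web01.example.internal", "c9!Tq4vLrm2s"),
    ("backup.example.internal", "F1NLw#49"),
]

if __name__ == "__main__":
    for stem, hosts in find_derivable(SAMPLE).items():
        print(f"stem {stem!r} shared by {len(hosts)} hosts: {', '.join(hosts)}")
```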
