Oh yeah, and the database is triple encrypted for added security, and if you go with AD integration for the authentication, users have to synchronize their old and new AD passwords when they log in to prevent malicious tampering with a user's account.
Thanks, James Winzenz Infrastructure Systems Engineer II - Security Pulte Homes Information Services -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Tuesday, April 28, 2009 2:07 PM To: NT System Admin Issues Subject: Re: Managing your passwords was (RE:Password Policy - - how do you handle this?) How much for this? I've been longing for a decent (any!) OSS heirarchical password manager, where the super user has access to all passwords, and other have access to only the passwords they've been granted. Haven't found one yet. On Tue, Apr 28, 2009 at 10:40, James Winzenz <[email protected]> wrote: > We use a web-based tool called Enterprise Password Safe. It allows us to > store both personal passwords as well as passwords for service accounts that > need to be shared between groups of IS employees. It can use either its own > authentication mechanism or active directory authentication for accessing > the website. As it does not effectively tie into other systems, it is not > an enterprise password manager (which we would prefer, but too expensive), > but it does a good job for the price. > > > > http://www.enterprise-password-safe.com/ > > > > Thanks, > > > > James Winzenz > > Infrastructure Systems Engineer II - Security > > Pulte Homes Information Services > > ________________________________ > > From: Jonathan Link [mailto:[email protected]] > Sent: Tuesday, April 28, 2009 10:33 AM > To: NT System Admin Issues > Subject: Managing your passwords was (RE:Password Policy - - how do you > handle this?) > > > > I thought I'd hijack this thread and ask how others manage the myriad > passwords they have. > > > > I did something crazy when I got to 10+ passwords, I started writing them > down. I have two lists, one is a list of sites, the other is a list of > passwords. The list of sites is stored in my network share, the passwords > are actually stored in a handwritten note in my wallet. Neither us useful > without the other, and in the event I'm mugged for my wallet, I have a > relatively convenient listing of all the myriad passwords I need to set > about changing. And to answer a question, no, my work account password > isnt' stored anywhere except in my head. I've also found I'm much less > likely to recycle a password accidentally using this method. > > > > I have no idea where I came up with this, I doubt I'm creative enough to > think of this on my own. > > > > -Jonathan > > > > On Tue, Apr 28, 2009 at 1:09 PM, Ben Scott <[email protected]> wrote: > > On Tue, Apr 28, 2009 at 12:28 PM, Jeremy Anderson <[email protected]> > wrote: >> Passowrd Policy is that password expires after 90 days, 10 passwords >> remembered, Min Password age 0. On the 89th day the user changes their >> password 11 times back to the expiring password. Changein the Min >> password >> age to 1 would prevent that from happening. > > That's it exactly. > > For some of our government interest systems, it's min age 7 days, 24 > passwords remembered. That's about half a year's worth of weekly > password cycling to reuse the same password. Also max age 90 days, 12 > character minimum, complexity checking enabled. There are several > such systems, and you're not supposed to use the same passwords across > multiple systems. Oy, passwords coming out my ears. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > ________________________________ > CONFIDENTIALITY NOTICE: This email may contain confidential and privileged > material for the sole use of the intended recipient(s). Any review, use, > distribution or disclosure by others is strictly prohibited. If you have > received this communication in error, please notify the sender immediately > by email and delete the message and any file attachments from your computer. > Thank you. > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message and any file attachments from your computer. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
