None of my passwords are written down anywhere, but in a previous life I had to write down vault combinations which were put in a sealed envelope like he said and put in the safe. The safe was in a space manned 24 hours a day so someone was ALWAYS watching it, and it was by someone who did not WANT to know how to get in that vault!
"Bonner, Jon" wrote: > > How do you ensure that it is the proper envelope? What I mean is, what's to > stop someone from opening the envelope and gaining the passwords, and then > resealing the passwords in a duplicate envelope? (Or have I read too many > Tom Clancy novels...) > > Jon Bonner > > -----Original Message----- > From: John Morris [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 17, 2001 9:58 PM > To: gminick; security-basics > Subject: Re: Passwords On Paper > > 6. All the important (router/server/firewall/switch/other) passwords are > stored in a fireproof safe in a sealed envelope, in the event of a > sysadmin's death/???. > When passwords are changed, so is the envelope, in addition to first being > verified as being the correct ones (some people use passwords as a job > security measure, which is lame). -- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566
