On Tue, Nov 01, 2011 at 09:42:29PM -0400, Edward Ned Harvey spake thusly:
> How does one implement single-use passwords? There must be some kind of

Most places I've seen have the password set by the CTO or senior sysadmin or some responsible person who then writes it down and seals it in some sort of container (in my experience it was a breakable plastic vessel/box of some sort, although I've heard of people using sealed envelopes) which is kept conspicuously visible in a 24/7 manned and secured space such as a NOC. Sometimes the password containers are just hanging on the wall, but in one case it was further secured inside a plexiglass case on the wall with a lock which only the people specifically authorized to use the passwords had a key to. Everyone can see that the password has not been touched, and when it is needed the NOC guys or sysadmins break open the sealed vessel/envelope and deal with the emergency. The person responsible for setting passwords finds out via notification or seeing the broken seal, investigates, resets the passwords, and then takes whatever other follow-up action is necessary.

--
Tracy Reed
Digital signature attached for your safety.
Copilotco Professionally Managed PCI Compliant Secure Hosting
866-MY-COPILOT x101
http://copilotco.com
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
