[unisog] Designing Password Management System for Privileged Accounts

David Fetrow fetrow at apl.washington.edu
Thu Oct 20 18:14:52 GMT 2005


> Date: Thu, 20 Oct 2005 12:58:40 +1300
> From: Russell Fulton <r.fulton at auckland.ac.nz>
> Subject: [unisog] designing a password management system for privileged accounts

> Hi Folks,
> 	We are currently looking at building a system to manage our
> root/administrator and other privileged account (oracle, etc) passwords.
.....
> 6/ enforce password 'quality' standards by using randomly generated
> passwords.

  Random passwords are an invitation to write passwords near a person's
  computer. That isn't a good idea if you are worried about employee A
  impersonating employee B (but can be nifty if you are entirely worried
  about external threats).

  Nonrandom password quality assurance software exists: e.g. the users
  can pick but it will be tested against a dictionary (no words), must
  have at least 1 punctuation mark, must have at least 2 digits and
  must be between 12 and 20 characters long, and that's my personal
  preference. That leads to less writing down.

  If it's a smallish group: 2-factor authentication (OTP lists
  on USB fobs, RSA SecurID, what have you) may be the way to go. It
  takes a lot of pressure off that password as sole protection but you
  now have the overhead of managing passwords AND fobs.

   -David Fetrow
    APL-UW
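Added example, not part of David's post or of any unisog tool: a checker that implements the rule set he describes (dictionary test, at least 1 punctuation mark, at least 2 digits, 12 to 20 characters). The five-word dictionary is constructed for the example; a real deployment would load a full wordlist.

```python
import string

# Constructed stand-in for a real wordlist (assumption: production code would
# load something like /usr/share/dict/words or a cracking wordlist instead).
SAMPLE_DICTIONARY = {"password", "secret", "university", "october", "washington"}

MIN_LEN, MAX_LEN = 12, 20   # length window from the post
MIN_DIGITS = 2              # "at least 2 digits"
MIN_PUNCT = 1               # "at least 1 punctuation mark"


def check_password(candidate: str, dictionary=SAMPLE_DICTIONARY) -> list:
    """Return the list of policy violations; an empty list means acceptable.

    Mirrors the quality rules in the post rather than generating a random
    password, so the user still chooses something they can remember.
    """
    problems = []
    if not MIN_LEN <= len(candidate) <= MAX_LEN:
        problems.append(
            f"length must be {MIN_LEN}-{MAX_LEN} characters (got {len(candidate)})"
        )
    if sum(c.isdigit() for c in candidate) < MIN_DIGITS:
        problems.append(f"needs at least {MIN_DIGITS} digits")
    if sum(c in string.punctuation for c in candidate) < MIN_PUNCT:
        problems.append(f"needs at least {MIN_PUNCT} punctuation mark")
    # Dictionary test: strip digits/punctuation first so that "password12!!"
    # is still caught as a dictionary word dressed up to pass the other rules,
    # and also reject any dictionary word of 4+ letters embedded in it.
    stripped = "".join(c for c in candidate if c.isalpha()).lower()
    if candidate.lower() in dictionary or stripped in dictionary or any(
        len(word) >= 4 and word in stripped for word in dictionary
    ):
        problems.append("based on a dictionary word")
    return problems
```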