[unisog] Designing Password Management System for Privileged Accounts
fetrow at apl.washington.edu
Thu Oct 20 18:14:52 GMT 2005
> Date: Thu, 20 Oct 2005 12:58:40 +1300
> From: Russell Fulton <r.fulton at auckland.ac.nz>
> Subject: [unisog] designing a password management system for
> privileged accounts
> Hi Folks,
> We are currently looking at building a system to manage our
> root/administrator and other privileged account (oracle, etc) passwords.
> 6/ enforce password 'quality' standards by using randomly generated
Random passwords are an invitation to write passwords near a person's
computer. That isn't a good idea if you are worried about employee A
impersonating employee B (but can be nifty if you are entirely worried
about external threats).

Nonrandom password quality assurance software exists: e.g. the users
can pick but it will be tested against a dictionary (no words), must
have at least 1 punctuation mark, must have at least 2 digits and
must be between 12 and 20 characters long and that's my personal
preference. That leads to less writing down.

If it's a smallish group: 2-factor authentication (OTP lists
on USB fobs, RSA SecurID, what have you) may be the way to go. It
takes a lot of pressure off that password as sole protection but you
now have the overhead of managing passwords AND fobs.
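
The quality rules described in the message above (12 to 20 characters, at least 1 punctuation mark, at least 2 digits, no dictionary words), as an added example that is not part of the original post. The word list, the minimum word length, the substring matching and the letter-substitution table are assumptions made for illustration.

```python
import string

# Constructed sample word list; a real deployment would load a full dictionary.
SAMPLE_WORDS = {"password", "dragon", "monkey", "oracle", "admin", "root", "welcome"}

MIN_LEN, MAX_LEN = 12, 20      # "between 12 and 20 characters long"
MIN_PUNCT, MIN_DIGITS = 1, 2   # "at least 1 punctuation mark", "at least 2 digits"
MIN_WORD_LEN = 4               # assumption: skip very short dictionary words

# Assumption: undo common character substitutions before the dictionary
# test, so that "P@ssw0rd" is still recognised as "password".
SUBSTITUTIONS = str.maketrans("0134578@$!", "oleastbasi")


def dictionary_hits(password, words=SAMPLE_WORDS):
    """Return the dictionary words found as substrings of the password."""
    lowered = password.lower()
    candidates = {lowered, lowered.translate(SUBSTITUTIONS)}
    return sorted(
        w for w in words
        if len(w) >= MIN_WORD_LEN and any(w in c for c in candidates)
    )


def check_password(password, words=SAMPLE_WORDS):
    """Return the list of violated rules; an empty list means acceptable."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    if sum(ch in string.punctuation for ch in password) < MIN_PUNCT:
        problems.append("punctuation")
    if sum(ch in string.digits for ch in password) < MIN_DIGITS:
        problems.append("digits")
    if dictionary_hits(password, words):
        problems.append("dictionary")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, one per kind of outcome.
    for candidate in ("tq7#vd2kLmzx", "P@ssw0rd!!2005", "short1!", "Dragonfly-Monkey"):
        print(f"{candidate!r}: {check_password(candidate) or 'ok'}")
```
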