[unisog] Designing Password Management System for Privledged Accounts

Russell Fulton r.fulton at auckland.ac.nz
Thu Oct 20 21:06:38 GMT 2005

>>6/ enforce password 'quality' standards by using randomly generated
>   Random passwords are an invitation to write passwords near a persons
>   computer.

I absolutely agree.

What I clearly failed to make clear is that this system is designed to
facilitate *emergency* access to systems.  These passwords are not for
day-to-day use.

We may extend the system later (or others may, since we intend to
open-source it) to become a tool for more general use.  If we were to do
this then we would have dedicated clients rather than browsers to access
the server.  Such clients would work like Counterpane's Password Safe, so
you retrieve the password and the program copies it onto the clipboard
and you then paste it into the password field.  You never see or type
the password.  It then becomes feasible to have very long random
passwords that will defeat any current brute forcing.

We are currently encouraging our admins to use Password Safe, and our hope
is that this system will evolve into a multiuser enterprise version of
Password Safe.

One of our design goals is to try not to do anything in the initial design
that would hinder such evolution.
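The client workflow Russell describes (retrieve a long random password, put it on the clipboard, never display or type it) is simple enough to sketch. The block below is an added example written for this reply; it is not code from the original post or from the system the University of Auckland team is building, and it does not model their server at all. It uses only the Python standard library: the 94-symbol printable-ASCII alphabet, the 32-symbol default length, the 10^12 guesses/second figure in the usage note, and the pbcopy/xclip/xsel fallbacks are all assumptions chosen for illustration.

```python
import math
import secrets
import shutil
import string
import subprocess

# Constructed alphabet for the example: printable ASCII minus space (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 32, alphabet: str = ALPHABET) -> str:
    """Return a uniformly random password of `length` symbols from `alphabet`.

    secrets.choice draws from the OS CSPRNG with rejection sampling, so no
    symbol is favoured; random.choice would be seeded predictably and is not
    suitable for this.  Duplicate symbols in the alphabet would skew the
    distribution, so they are rejected.
    """
    if length < 1:
        raise ValueError("length must be >= 1")
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet must not contain duplicate symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet_size)."""
    if length < 1 or alphabet_size < 2:
        raise ValueError("need length >= 1 and alphabet_size >= 2")
    return length * math.log2(alphabet_size)


def expected_bruteforce_years(bits: float, guesses_per_second: float) -> float:
    """Expected time to guess a password of `bits` entropy at a given rate.

    On average the attacker searches half the space before hitting it.
    """
    seconds = (2.0 ** bits) / 2.0 / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def copy_to_clipboard(text: str) -> bool:
    """Place `text` on the system clipboard without ever displaying it.

    Tries pbcopy (macOS), then xclip and xsel (X11).  Returns False if no
    clipboard tool is installed, so the caller can fall back rather than
    silently losing the secret.  Assumed tool names, not part of the post.
    """
    candidates = [
        ["pbcopy"],
        ["xclip", "-selection", "clipboard"],
        ["xsel", "--clipboard", "--input"],
    ]
    for cmd in candidates:
        if shutil.which(cmd[0]):
            subprocess.run(cmd, input=text.encode(), check=True)
            return True
    return False


def clear_clipboard() -> bool:
    """Overwrite the clipboard; call this once the password has been pasted."""
    return copy_to_clipboard("")


if __name__ == "__main__":
    pw = generate_password()
    bits = entropy_bits(len(pw), len(ALPHABET))
    print(f"{len(pw)} symbols from {len(ALPHABET)}: {bits:.1f} bits")
    print(f"expected years at 1e12 guesses/s: "
          f"{expected_bruteforce_years(bits, 1e12):.3g}")
    if copy_to_clipboard(pw):
        input("password is on the clipboard; press Enter to clear it")
        clear_clipboard()
    else:
        print("no clipboard tool found; password not copied")
```

A 32-symbol password over this alphabet carries roughly 210 bits of entropy, which at an assumed 10^12 guesses per second works out to on the order of 10^43 years, so the length rather than any composition rule is what makes brute force irrelevant. The one caveat worth building in from the start is that the clipboard is readable by every process in the user's session, which is why the example clears it after the paste rather than leaving the password there.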


