Passwords

  • How do you store your passwords to service accounts, sql users, etc?

    We have a rather non-secure way of storing ours currently and are looking for a better solution. I've seen a few products that do it for you, but was curious what others are doing.

    Thanks,

    Jason

    The Redneck DBA

  • I actually wrote my own that I'll be putting on the market fairly soon.

    Watch my free SQL Server Tutorials at:
    http://MidnightDBA.com
    Blog Author of:
    DBA Rant – http://www.MidnightDBA.com/DBARant

    Minion Maintenance is FREE:

  • I use Password Safe. http://passwordsafe.sourceforge.net/

    David

  • Write it down, put it in a labeled signed dated envelope (2 sigs required) and put it in the safe. That way when you get hit by a truck nobody has to try to crack your password safe...

    There are also some neat appliances that will provide you or other admins with one time passwords for access to resources based on AD group membership - you need a key/password it gives you the current password, your time is up/ticket expires and the password is automatically changed. A little scary in some regards but a pretty neat idea.

    Joe

  • Joe Clifford (1/29/2008)

    Write it down, put it in a labeled signed dated envelope (2 sigs required) and put it in the safe.

    I agree with Joe... whatever you use to store the passwords electronically, always keep a safe physical copy of your password list... you never know when you might need it 😉

    David

  • Password Safe here. I've done the envelope thing and given it to a non-technical person, like the CFO or director.

    However these days I'd copy the PWDSafe files and put them on a flash drive and give that to the person for safekeeping.

  • Hey, what other use have you people found for that whiteboard?

    ouch - I was just kidding

  • First of all, you need to comply with site standards. Many sites classify passwords for service accounts, etc, as Type 1 data (your Security team will tell you what Type 1 means). Breaches of handling policy for Type 1 data normally result in disciplinary action.

    One method I have seen that complies with Type 1 handling policies is an encrypted Word document. Recent versions of Word support 128-bit encryption.

    In Word, go to Tools -> Options. Click the Security tab, then the Advanced button. Select your desired encryption method (your site may have a mandate on what should be used), and set the key length to 128. This allows you to share the passphrase needed to open the document within the DBA team, and to change the passphrase at regular intervals. It can be cheaper and easier to use than some other methods.

    Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017, 2016, 2014, 2012, 2008 R2, 2008 and 2005.

    When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara

  • We use phpchain, now called PasswordChain. It's great for keeping all our password info. We have a group account for common password stuff (i.e., SQL passwords, server login passwords, common app passwords, etc.). Then we each have individual accounts so we can keep our own stuff separate. We love it. http://sourceforge.net/projects/phpchain

    Happy is as Goofy does!

  • We have an in-house developed program that lets users check passwords in and out for privileged IDs. The program lets you select the ID, then you click Check Out and the password is displayed. A support ticket number and explanation for the use of the ID are required, and appear in control reports at month end. Once use of the ID is finished, the user selects the ID in the app, then clicks on Check In. The app then uses the Active Directory API to change the password for the ID to a new random value. Works very well.
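    The check-out / check-in flow described in the post above, as an added illustration that is not the poster's program: a ticket number and reason are required to check a password out, a checked-in ID gets a fresh random password, and every check-out lands in an audit list for the month-end report. The `rotate_hook` parameter is an assumption standing in for the directory call (e.g. an Active Directory password reset) that a real implementation would make.

    ```python
    """Constructed model of a privileged-ID password check-out / check-in vault."""
    import secrets
    import string
    from dataclasses import dataclass, field
    from typing import Callable, Dict, List, Optional, Tuple

    ALPHABET = string.ascii_letters + string.digits + "!#%&*+-=?@"
    PASSWORD_LENGTH = 24


    def random_password(length: int = PASSWORD_LENGTH) -> str:
        """New password drawn from the OS CSPRNG via the secrets module."""
        return "".join(secrets.choice(ALPHABET) for _ in range(length))


    @dataclass
    class PrivilegedVault:
        passwords: Dict[str, str] = field(default_factory=dict)     # account -> current password
        checked_out: Dict[str, str] = field(default_factory=dict)   # account -> ticket holding it
        audit: List[Tuple[str, str, str, str, str]] = field(default_factory=list)
        # Hypothetical hook: called as rotate_hook(account, new_password) to push the
        # rotated password into the directory; None keeps the example self-contained.
        rotate_hook: Optional[Callable[[str, str], None]] = None

        def add_account(self, account: str) -> None:
            self.passwords[account] = random_password()

        def check_out(self, account: str, ticket: str, reason: str, user: str) -> str:
            """Reveal the password only with a ticket and a reason; one holder at a time."""
            if not ticket or not reason:
                raise ValueError("ticket number and reason are required")
            if account in self.checked_out:
                raise RuntimeError(f"{account} already checked out under {self.checked_out[account]}")
            self.checked_out[account] = ticket
            self.audit.append(("CHECK_OUT", account, user, ticket, reason))
            return self.passwords[account]

        def check_in(self, account: str, user: str) -> str:
            """Release the ID and rotate its password so the revealed value is dead."""
            if account not in self.checked_out:
                raise RuntimeError(f"{account} is not checked out")
            ticket = self.checked_out.pop(account)
            new_pw = random_password()
            if self.rotate_hook is not None:
                self.rotate_hook(account, new_pw)
            self.passwords[account] = new_pw
            self.audit.append(("CHECK_IN", account, user, ticket, "password rotated"))
            return new_pw


    def month_end_report(vault: PrivilegedVault) -> List[Tuple[str, str, str, str, str]]:
        """Control report: every check-out with who, which ticket and why."""
        return [entry for entry in vault.audit if entry[0] == "CHECK_OUT"]
    ```
    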

  • Another vote for Password Safe. There is also a Portable Apps version, meaning if you copy the electronic files off like Steve indicates, you just have to have a USB key with the app and you don't have to install anything to get access to those files. Perfect for DR situations.

    K. Brian Kelley
    @kbriankelley

  • We use KeePass - an OSI certified password safe application (http://keepass.info).
