Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

Passwords Expand / Collapse
Author
Message
Posted Friday, January 25, 2008 2:43 PM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Yesterday @ 10:57 AM
Points: 1,531, Visits: 2,251
How do you store your passwords to service accounts, sql users, etc?

We have a rather non-secure way of storing ours currently and are looking for a better solution. I've seen a few products that do it for you, but was curious what others are doing.

Thanks,
Jason


The Redneck DBA
Post #447834
Posted Friday, January 25, 2008 4:39 PM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Yesterday @ 1:12 PM
Points: 320, Visits: 360
I actually wrote my own that I'll be putting on the market fairly soon.

Watch my free SQL Server Tutorials at:
http://MidnightDBA.ITBookworm.com

Read my book reviews at:
www.ITBookworm.com

Blog Author of:
Database Underground -- http://www.infoworld.com/blogs/sean-mccown
DBA Rant – http://dbarant.blogspot.com
Post #447875
Posted Monday, January 28, 2008 8:47 AM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Tuesday, October 28, 2014 1:45 PM
Points: 935, Visits: 1,010
I use Password Safe. http://passwordsafe.sourceforge.net/

David



Post #448378
Posted Tuesday, January 29, 2008 12:54 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Monday, June 3, 2013 9:53 PM
Points: 433, Visits: 619
Write it down, put it in a labeled signed dated envelope (2 sigs required) and put it in the safe. That way when you get hit by a truck nobody has to try to crack your password safe...

There are also some neat appliances that will provide you or other admins with one time passwords for access to resources based on AD group membership - you need a key/password it gives you the current password, your time is up/ticket expires and the password is automatically changed. A little scary in some regards but a pretty neat idea.

Joe



Post #448712
Posted Tuesday, January 29, 2008 7:48 AM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Tuesday, October 28, 2014 1:45 PM
Points: 935, Visits: 1,010
Joe Clifford (1/29/2008)
Write it down, put it in a labeled signed dated envelope (2 sigs required) and put it in the safe.


I agree with Joe... whatever you use to store the passwords electronically, always keep a safe physical copy of your password list... you never know when you might need it ;)

David



Post #448858
Posted Tuesday, January 29, 2008 8:37 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Yesterday @ 4:15 PM
Points: 31,210, Visits: 15,654
Password Safe here. I''ve done the envelope thing and given it to a non-technical person, like the CFO or director.

However these days I'd copy the PWDSafe files and put them on a flash drive and give that to the person for safekeeping.







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #448906
Posted Tuesday, January 29, 2008 9:52 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Yesterday @ 9:56 AM
Points: 142, Visits: 1,715
Hey, what other use have you people found for that whiteboard?
ouch - I was just kidding
Post #448973
Posted Wednesday, January 30, 2008 4:00 AM
SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Tuesday, October 28, 2014 3:41 AM
Points: 2,888, Visits: 3,261
First of all, you need to comply with site standards. Many sites classify passwords for service accounts, etc, as Type 1 data (your Security team will tell you what Type 1 means). Breaches of handling policy for Type 1 data normally result in disiplinary action.

One method I have seen that complies with Type 1 handling policies is an encrypted Word document. Recent versions of Word support 128-bit encryption.

In Word, go to Tools -> Options. Click the Security tab, then the Advanced button. Select your desired encryption method (your site may have a mandate on what should be used), and set the key length to 128. This allows you to share the passphrase needed to open the document within the DBA team, and to change the passphrase at regular intervals. It can be cheaper and easier to user than some other methods.


Original author: SQL Server FineBuild 1-click install and best practice configuration of SQL Server 2014, 2012, 2008 R2, 2008 and 2005. 18 October 2014: now over 31,000 downloads.
Disclaimer: All information provided is a personal opinion that may not match reality.
Concept: "Pizza Apartheid" - the discrimination that separates those who earn enough in one day to buy a pizza if they want one, from those who can not.
Post #449254
Posted Wednesday, January 30, 2008 6:35 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Thursday, May 2, 2013 6:56 AM
Points: 6, Visits: 45
we use phpchain, now called PasswordChain. it's great for keeping all our password info. we have a group account for common password stuff (i.e., SQL passwords, server login passwords, common app passwords, etc.). then we each have individual accounts so we can keep our own stuff separate. we love it. http://sourceforge.net/projects/phpchain

Happy is as Goofy does!
Post #449331
Posted Wednesday, January 30, 2008 1:51 PM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Monday, October 27, 2014 12:06 PM
Points: 357, Visits: 1,974
We have an in house developed program that lets users check passwords in and out for privileged ID's. The program lets you select the ID, then you click Check Out and the password is displayed. A support ticket number and explanation for the use fo the ID are required, and appear in control reports at month end. Once use of the ID is finished, the user selects the ID in the app, then clicks on Check In. the app then uses the Active Directory API to change the password for the ID to a new random value. Works very well.
Post #449676
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse