SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Passwords


Passwords

Author
Message
TheRedneckDBA
TheRedneckDBA
Hall of Fame
Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)

Group: General Forum Members
Points: 3413 Visits: 2612
How do you store your passwords to service accounts, sql users, etc?

We have a rather non-secure way of storing ours currently and are looking for a better solution. I've seen a few products that do it for you, but was curious what others are doing.

Thanks,
Jason

The Redneck DBA
KenpoDBA
KenpoDBA
SSCommitted
SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)

Group: General Forum Members
Points: 1788 Visits: 634
I actually wrote my own that I'll be putting on the market fairly soon.

Watch my free SQL Server Tutorials at:
http://MidnightDBA.com
Blog Author of:
DBA Rant – http://www.MidnightDBA.com/DBARant

Minion Maintenance is FREE:


DavidSimpson
DavidSimpson
Ten Centuries
Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)

Group: General Forum Members
Points: 1380 Visits: 1084
I use Password Safe. http://passwordsafe.sourceforge.net/

David



Joe Clifford
Joe Clifford
UDP Broadcaster
UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)

Group: General Forum Members
Points: 1475 Visits: 619
Write it down, put it in a labeled signed dated envelope (2 sigs required) and put it in the safe. That way when you get hit by a truck nobody has to try to crack your password safe...

There are also some neat appliances that will provide you or other admins with one time passwords for access to resources based on AD group membership - you need a key/password it gives you the current password, your time is up/ticket expires and the password is automatically changed. A little scary in some regards but a pretty neat idea.

Joe



DavidSimpson
DavidSimpson
Ten Centuries
Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)Ten Centuries (1.4K reputation)

Group: General Forum Members
Points: 1380 Visits: 1084
Joe Clifford (1/29/2008)
Write it down, put it in a labeled signed dated envelope (2 sigs required) and put it in the safe.


I agree with Joe... whatever you use to store the passwords electronically, always keep a safe physical copy of your password list... you never know when you might need it Wink

David



Steve Jones
Steve Jones
SSC Guru
SSC Guru (106K reputation)SSC Guru (106K reputation)SSC Guru (106K reputation)SSC Guru (106K reputation)SSC Guru (106K reputation)SSC Guru (106K reputation)SSC Guru (106K reputation)SSC Guru (106K reputation)

Group: Administrators
Points: 106081 Visits: 19332
Password Safe here. I''ve done the envelope thing and given it to a non-technical person, like the CFO or director.

However these days I'd copy the PWDSafe files and put them on a flash drive and give that to the person for safekeeping.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Ewan Hampson
Ewan Hampson
SSC-Addicted
SSC-Addicted (490 reputation)SSC-Addicted (490 reputation)SSC-Addicted (490 reputation)SSC-Addicted (490 reputation)SSC-Addicted (490 reputation)SSC-Addicted (490 reputation)SSC-Addicted (490 reputation)SSC-Addicted (490 reputation)

Group: General Forum Members
Points: 490 Visits: 1826
Hey, what other use have you people found for that whiteboard?
ouch - I was just kidding
EdVassie
EdVassie
SSCrazy Eights
SSCrazy Eights (9.4K reputation)SSCrazy Eights (9.4K reputation)SSCrazy Eights (9.4K reputation)SSCrazy Eights (9.4K reputation)SSCrazy Eights (9.4K reputation)SSCrazy Eights (9.4K reputation)SSCrazy Eights (9.4K reputation)SSCrazy Eights (9.4K reputation)

Group: General Forum Members
Points: 9371 Visits: 3884
First of all, you need to comply with site standards. Many sites classify passwords for service accounts, etc, as Type 1 data (your Security team will tell you what Type 1 means). Breaches of handling policy for Type 1 data normally result in disiplinary action.

One method I have seen that complies with Type 1 handling policies is an encrypted Word document. Recent versions of Word support 128-bit encryption.

In Word, go to Tools -> Options. Click the Security tab, then the Advanced button. Select your desired encryption method (your site may have a mandate on what should be used), and set the key length to 128. This allows you to share the passphrase needed to open the document within the DBA team, and to change the passphrase at regular intervals. It can be cheaper and easier to user than some other methods.

Original author: SQL Server FineBuild 1-click install and best practice configuration of SQL Server 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005. 14 Mar 2017: now over 40,000 downloads.Disclaimer: All information provided is a personal opinion that may not match reality.Quote: When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist. - Archbishop Hélder Câmara
K D Antonacci
K D Antonacci
Forum Newbie
Forum Newbie (8 reputation)Forum Newbie (8 reputation)Forum Newbie (8 reputation)Forum Newbie (8 reputation)Forum Newbie (8 reputation)Forum Newbie (8 reputation)Forum Newbie (8 reputation)Forum Newbie (8 reputation)

Group: General Forum Members
Points: 8 Visits: 45
we use phpchain, now called PasswordChain. it's great for keeping all our password info. we have a group account for common password stuff (i.e., SQL passwords, server login passwords, common app passwords, etc.). then we each have individual accounts so we can keep our own stuff separate. we love it. http://sourceforge.net/projects/phpchain

Happy is as Goofy does!
Ross McMicken
Ross McMicken
Right there with Babe
Right there with Babe (795 reputation)Right there with Babe (795 reputation)Right there with Babe (795 reputation)Right there with Babe (795 reputation)Right there with Babe (795 reputation)Right there with Babe (795 reputation)Right there with Babe (795 reputation)Right there with Babe (795 reputation)

Group: General Forum Members
Points: 795 Visits: 2249
We have an in house developed program that lets users check passwords in and out for privileged ID's. The program lets you select the ID, then you click Check Out and the password is displayed. A support ticket number and explanation for the use fo the ID are required, and appear in control reports at month end. Once use of the ID is finished, the user selects the ID in the app, then clicks on Check In. the app then uses the Active Directory API to change the password for the ID to a new random value. Works very well.
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search