I've been thinking about this, and would like your input please:

Handling company passwords can be a tricky thing (i know i don't have to tell you all this).

You shouldn't write down passwords because physical security can become a problem. Even if physical security is not a main concern, it still shouldn't be written down, because you never know who will have access to it.

It also shouldn't be kept on a computer, because first of all, you might need a password that is in that file to login to the computer to begin with. Secondly, it is possible that someone may gain access to that file and obtain your passwords. Even encrypted files run that risk (unless your company invests in good encryption software).

For a large company with a good budget, there seems to be more options as far as password storing software or good encryption software that can be purchased.

However, what about a small business that does not focus much on security because they don't feel they would ever be a target. The administrator understands that ANYONE can be a target, SPECIALLY those who think they won't ever be attacked. So in an effort to secure the place as best possible with what is available, he attempts to harden the passwords for all the systems, etc...

But then obviously, by making them more complex, a place to write them down becomes a necessity. You come in to the office, had a rough weekend, come in on Monday, and run a blank.

Maybe keeping a book with the passwords in a cabinet locked by a key that only one person has access to is a the best choice?

How about keeping it stashed in your email somewhere? Emails can be compromised as well, so i don't see that as being very safe.

I'm just trying to weight all the options i have regarding this. I figured some of you have had so much experience with this, that you may have a better solution than what i can think of.

"He" is me by the way.  

Sorry for the long post, but thanks for reading.

Knb15

Here is what we do for our applications:

1) Passwords are hashed (SHA-1) and stored in a database
2) We NEVER print passwords anywhere. So we never display them on the screen, print them on paper, etc.
3) We make database backups. Once a month, they are sent to a vault in another location.
4) The administrator of the system can reset any password, but since they are hashed, he cannot see them.
5) In the event of a disaster, we rebuilt the servers from the backups
6) If we would really, really have problems, we can manually go in the database and reset them.

We this, you will never lose data because of a disaster or lost passwords.

So don't print any passwords anywhere. Instead, make sure and administrator can reset them.

Hope that helped!

I only know about 5 passwords at work, but that's because I use them the most.
Login, 2 root passwords, My password safe password, and the firewall password.

The rest are stored on a network drive in a Password Safe file. The software to open the safe is on my box. it works pretty well. Only time we've been hosed recently was when the SAN fried, before getting everything copied over to the new NAS. Even then it was just a case of restoring 8TB from tape.

We also have a back up copy on an full Disk Encrypted USB drive, requiring true crypt. There is a sealed envelope that goes with it. In the envelope are 3x5 cards: how to mount it, the passpharse for the USB drive, and the password for the master network engineering safe (has the passwords to all the other safes). They are not kept together, 1 is on site, 1 is off site. I get them both back once a month to check it's not open, and to update the passwords. My writing on the front, with a date (and I have have unique hand writing), Manager's signature on the back (after he seals it, with me watching).

The warning on the envelope says opening it will require changing all the passwords for all they systems company wide. When they opened it, I did just that. Caused a huge mess. But changed them all anyway.

I don't agree with the system we use, but it's worked for the most part.

Personally, I want to switch from Password Safe to Keepass (use it at home). I'm also curious now, what the traffic looks like with wireshark when opening a safe on a network drive...

Knb15,

I'm using my solution in a company with less than 100 employees, 10 in my department, (3 help desk, 4 developers, 2 project managers, and me). Can't get much smaller than that.

The engineering safe, has admin passwords (linux and windows), routers / switches, firewalls (network firewall and spam firewalls), vendors (like cisco), other safes (help desk, and developers don't need access to the infrastructure).

Once upon a time we had all 3 mixed together, but there was an issue with people accessing things they were not supposed to (developers making changes to the firewall, help desk people making changes to switches), so we broke it up.

I'm thinking to switching to keepass, because I like some of the features more.

1: Password Safe only works on windows (haven't tried in wine).  Keepass (well version 1.x anyway),works both on windows and linux. We tend to use both here. Some people have complained about having to use windows to open the password files.

2: Keepass hides the user names as well as the passwords when looking at the entries.  If I have someone (vendor, contractor, day help for project overload) in my office, I don't have to show them the naming conventions of our system. I can open the keepass, copy the user name with a right click, and then the password. Thus never exposing them to the outsider. (Yes I'm paranoid). At least that's how keepass 1.x works on my linux box at home.

--------------------------

We store the encrypted password files on the network, because several people have to access them. Putting it on the network was my predecessor's idea, and it works out fairly well. The trade off was putting it in a less secure location (anyone can access the network drive) so everyone could use them.

I have my own personal password safe file on my desktop machine, since I'm the only one that should be accessing that one.

The "safes" are encrypted files to begin with, but yes I'm using TrueCrypt (open source) Full Disk Encryption on the USB drive. Basically the drive is the back up in case the network attached storage goes down, but we still need the passwords. (It has happened).

Can't you configure ACLs so only you guys can access it?

Ew. Share permissions are trash. Those are left over from the Win9x days; they existed before NTFS permissions and attempted to provide a minimal level of security. It's often easiest to just give Everyone Full Control share permissions and then get granular with NTFS permissions. Trying to mix-n-match often leads to misconfigurations. Since accessing a share will use the most restrictive of the share and NTFS permissions, you won't have any surprises if you get the NTFS permissions rights. There might be some instances where you'd want to provide more restrictive share permissions, but they're very rare since people are usually accessing files exclusively over the network and not working locally.

It's pretty weak you can't get your own share that only you have access to. That's really not asking for that much IMHO...