KeePass justification

Posted by Jeff Walker on Super User See other posts from Super User or by Jeff Walker
Published on 2010-04-23T20:51:55Z Indexed on 2010/04/23 20:53 UTC
Read the original article Hit count: 497

I work at a place that tries to take security seriously, but sadly, they often fail. Currently, one of the major ways they fail is password management.

I personally have about 20 accounts (my personal user id on lots of machines). For shared "system" accounts, there are about 45 per environment; development, test, and production. I have access to 2 of those, so my personal total is somewhere around 115 accounts. Passwords have to be at least 15 characters with some extensive but standard complexity constraints, and have to be changed every 60 days or so (system accounts every year). They also should not be the same for different accounts, but that isn't enforced. Think DoD-type standards. There is no way to remember and keep up with this. It just isn't humanly possible, as far as I'm concerned.

This might be a good justification of a centralized account management system, a la LDAP or ActiveDirectory, but that is a totally different battle.

Currently the solution is an Excel spreadsheet. They use Excel to put a password on it, and then most people make a copy and remove the password. This makes my stomach turn.

I use KeePass for this problem and it manages all of my account very well. I like the features like auto-typing, grouping, plugins, password generation, etc. It uses AES-256 encryption via the .Net framework, and while not FIPS compliant, it has a very good reputation.

The only problem is that they are also very careful about using randomly downloaded software. So we have to justify every piece of software on our workstations. I have been told that they really don't want me to use this, be cause of the "sensitive nature" of storing passwords. sigh My justification has to be "VERY VERY strong".

I have been tasked with writing a justification for KeePass, but as I am lazy, I would like any input that I can get from the community. What do you recommend? Is there something out there that is better or more respected than KeePass? Is there any security experts saying interesting things on this topic? Anything will help at this point. Thanks.

© Super User or respective owner

Related posts about keepass

Related posts about password-management

  • Company Password Management

    as seen on Server Fault - Search for 'Server Fault'
    The topic of personal password management has been covered in great detail time after time. This question is aimed at the business or organization that needs to keep track of many unique passwords for many clients. What are some strategies/tools or ideas you all have for accomplishing this task? I… >>> More

  • Company Password Management

    as seen on Server Fault - Search for 'Server Fault'
    The topic of personal password management has been covered in great detail time after time. This question is aimed at the business or organization that needs to keep track of many unique passwords for many clients. What are some strategies/tools or ideas you all have for accomplishing this task? I… >>> More

  • Unix Password Management Keyring

    as seen on Super User - Search for 'Super User'
    I am looking for a password manager for a command-line Unix environment. So far all I can find are keyring applications for Windows, Linux, and Mac. But no command-line Unix interfaces. My main goal is to be able to access a password keyring through an SSH connection to a machine that has no graphical… >>> More

  • Password Management for Oracle WebLogic customers

    as seen on Oracle Blogs - Search for 'Oracle Blogs'
    One of the most common requests for enhancements I get across my desk is that customers wish to allow end users to change their passwords from our products. Now, typically password management is not in the realm of individual applications but it is an infrastructure requirement, so we don't usually… >>> More

  • Local Password Management

    as seen on Super User - Search for 'Super User'
    In our office (and I am sure many others) we access various websites and tend to share one account with our team. For example, we share credentials to Ebay and change them every few weeks to maintain some sense of security. However, we know this does not allow for any type of accountability for… >>> More