Some time ago I was looking for a password vault and came across some recommendations for KeePass. KeePass is open source and free. It's a nice password manager and some of the features I like are:
- Strong encryption of the password database
- The ability to use a password, key file, or the combination of the two to secure access to said password database
- A password generator with a multitude of options
- The ability to copy the password to the clipboard (without ever showing it) and have it clear the password after a set amount of time
- Organize password entries by groups and subgroups (think folders)
A new version, 1.09, released in October. There is also a Portable Apps version which allows you to run it without installation. Therefore, you can stick on a USB drive and take it with you. I've also run it as a straight executable from a shared network drive.
Looking at it from a shared location, KeePass can be used by an organization to store sensitive logins, such as the root password for MySQL, the sa account password, the usernames and passwords for the SQL Server service accounts, etc. In fact, in version 1.09, if the password database is opened by another user, it's smart enough to tell the next person opening it the situation and asking if that user wants to open the database in read-only or normal mode. One way to handle this is to distribute the key file to all admins and as long as they have that, they can unlock the password database. If someone leaves the organization who had access to the password database, generate a new key and re-distribute it, and you're back in business, even if they copied the key file. Granted, the fact that the password entries stored within will have to be addressed, but this is a problem regardless of your password vault solution (or lack thereof).
Technorati Tags:
Security |