How secure is "Password Safe Application" ?

TheMSsForum.com: The Microsoft Software Forum

Do you think it is an acceptable security practice use an application such
as "Password Safe Application" from SourceForget.net to store server
passwords in my organization ? Some admins want to store such Password Safe
Application on a network share, protected by NTFS folder permissions to the
admin group.

Please advise.
Top

Re: How secure is "Password Safe Application" ? by Robert

Robert
Wed Feb 08 14:50:42 CST 2006

Marlon Brown wrote:
> Do you think it is an acceptable security practice use an application
> such as "Password Safe Application" from SourceForget.net to store
> server passwords in my organization ? Some admins want to store such
> Password Safe Application on a network share, protected by NTFS
> folder permissions to the admin group.
>
> Please advise.

Well its probably safer than having them write the passwords on post it
notes and hide them under their keyboards.

What exactly are you hoping to achieve? What will this password repository
be used for exactly? To store centrally held but seldom used "master"
passwords "in the event of a disaster"?

Or for forgetful admins who are worried they can't remember their passwords
from one day to the next?

I assume your admins each use their own admin account rather than a shared
one so that you stand some chance of auditing who made which changes?


Top

Re: How secure is "Password Safe Application" ? by Marlon

Marlon
Wed Feb 08 16:11:28 CST 2006

The primary use is to put "service" accounts (for SQL, Sharepoint,
thirdy-part apps) that are unfortunately need to be shared.
The admins must not put their own accounts there and each admin should have
his own password.

"Robert Moir" <robspamtrap+msnews@gmail.com> wrote in message
news:uXnCVFPLGHA.2124@TK2MSFTNGP14.phx.gbl...
> Marlon Brown wrote:
>> Do you think it is an acceptable security practice use an application
>> such as "Password Safe Application" from SourceForget.net to store
>> server passwords in my organization ? Some admins want to store such
>> Password Safe Application on a network share, protected by NTFS
>> folder permissions to the admin group.
>>
>> Please advise.
>
> Well its probably safer than having them write the passwords on post it
> notes and hide them under their keyboards.
>
> What exactly are you hoping to achieve? What will this password repository
> be used for exactly? To store centrally held but seldom used "master"
> passwords "in the event of a disaster"?
>
> Or for forgetful admins who are worried they can't remember their
> passwords from one day to the next?
>
> I assume your admins each use their own admin account rather than a shared
> one so that you stand some chance of auditing who made which changes?
>


Top

Re: How secure is "Password Safe Application" ? by Robert

Robert
Thu Feb 09 12:15:26 CST 2006

Marlon Brown wrote:
> The primary use is to put "service" accounts (for SQL, Sharepoint,
> thirdy-part apps) that are unfortunately need to be shared.
> The admins must not put their own accounts there and each admin
> should have his own password.

Seems like a sensible use of the app then - one thing to remember that what
ever thing you use needs to be managed - that is checked for security, keep
an eye out for security updates, and the like.


Top