Wednesday, September 1, 2010

Password management

Personally I am a big fan of proper password management procedures. For my personal data I always used the open source tool Keepass (http://keepass.info/) for my passwords, but it was always missing two items:

  1. Better browser integration (I know you can use the form filling plugins, but they aren't very well done or supported)
  2. Distribution (I know you can use dropbox or something else and it works fine)

For my encrypted data I always built hidden share volumes using another open source tool Truecrypt (http://www.truecrypt.org/). The product works great, but I find that I need to encrypt less and less of my data these days.

I just replaced them all with Lastpass (http://lastpass.com/), which is a very impressive product. It integrates with pretty much every major browser out there and it's all centralized and allows for web access for all of your data. It allows for import from pretty much any browser database, or product (such as keepass). Its $12 per year for premium, I buy products like this because the value is high and the cost is low. If we don't support companies like this then they are not around for us.

For our enterprise I have used several nice distributed products in the past, but one always stands out as a cheap and well built solution. The product we use is Password Manager Pro (http://www.manageengine.com/products/passwordmanagerpro/), we don't use the enterprise products from them which allow for centralized password reset and such. All systems, regardless of if they are Linux, or windows use active directory for authentication (thanks winbind).

The product is a great secure repository, and it allows us to share relevant passwords with finance, HR, Marketing, Development, or the Database teams. It allows for dynamic groupings which are very flexible based on the content of the resources defined.

1 comment:

Eric said...

I definitely miss PMP. We're using spreadsheets and text files here. I showed the IPSEC guy PMP and he was very enthused, so we'll see.