From a simple KeePass database to enterprise credential management solutions—what’s your setup at work?
You must log in or register to comment.
Keepass.
Backed up in the cloud, with a long password with plenty of non english characters in the password.
For learning new passwords, I write them down on a note in my wallet, without any explanation of where they lead or what username to use.
The same basically. For the real paranoid stuff I have the keepassx file in a veracrypt container.
Not today, Russia.
The method of champions. Post-it on the bottom of keyboard.
Bottom of keyboard? Are you out of space on your monitor to place additional Post-its with user credentials on them? /s
Boss, I need a third monitor, I’m out of space for post-its
Monitor bezel is for the less secure systems. Under the keyboard is for the secure stuff.
And the really secure systems are in the filing cabinet.
Got a thrift store keyboard. The pink sticky on the bottom said:
User: admin
Pass: password
I wish I was joking. Someone out there was dumb enough to need a reminder on that one.
I would need a small book hidden under my keyboard. My work password safe has approximately 100 entries.
more dev than sysop, but: bitwarden
I write it in plaintext then email it to myself. For my email password, I write that down on a sticky note next to my monitor with my webcam pointing towards it with Skype and Zoom always running so I can look at it when I’m not at home. I always make sure to turn 2FA off as well, since that gets annoying and isn’t very convenient.
I might choose to mirror the webcam stream to a public RTMP stream later, but not sure yet, since I think that might open up some security holes.
This is exactly the kind of innovation I was looking for.
Also, if you use a really easy to remember password… I like P@ssw0rd! Easy to remember, and nobody will ever guess it because, get this… The ‘o’ is actually a zero!
Your password shows up to me as ************
Bit Warden, one password, whatever float your boat just not last pass.
For SHTF stuff GPG.
We use Netwrix Password Secure at work. They just announced this week they have found a RCE vulnerability in their software…
correct horse battery staple
Always a relevant xkcd
We use PasswordState at work and KeePassXC for personal passwords.
Bitwarden/KeePass for MFA (not SMS or email) protected accounts. Pen and paper stored in a fire proof vault for non-MFA and break glass accounts.
As an admin for a Linux server, I want to institute a ssh pub key expiration policy for all the users and enforce non-reuse of old keys. Does anyone have a best solution for this?
How do you do your pubkey deployments? If you use ansible, it should be simple enough.
Sounds like certificates to me, but I don’t know of any such solution
Edit: I found out that openssh allows the logon with a certificate. This guide shows how to setup a public key that expires after 52 weeks.
We use ITGlue because it lets us tie password records to documentation which makes finding things very streamlined.
Personally, I use Bitwarden
At work I keep them in onenote (they are encoded) because they won’t let us install an actual password manager and half the shit I log into doesn’t support SSO/doesn’t have it set up and is all on different password schemes. Our service account passwords are in a shared cyberark vault.
We have a KeePass DB as a fallback but mostly use a PAM solution to manage server access.
Keepass
Keepass x2
