Secure Password Management

December 20th, 2008 by Jon Janego

Following up on my post about passwords and physical security, I’d like to discuss a couple suggestions for secure password management.  This primarily applies to the unfortunate (but common) case where a team is sharing common logins and passwords.  We see this a lot with internal teams, especially in lab and development environments.

A few months ago I saw a good blog post by Joel Spolsky, where he suggested using a combination of Dropbox and Password Safe as a secure password management tool.  For those unfamiliar with it, Dropbox is an Amazon Cloud-based service that essentially acts as a network-based hard disk that can be synced across multiple machines.  Local copies of files are retained on the user’s machine and changes are synced with the main file server and distributed to the user’s other machines with the Dropbox client installed.

It’s a great tool and I would recommend it to anyone – and when used with Password Safe (store your encrypted password file in the Dropbox-synced folder), it’s an effortless and secure method for an individual user to manage their passwords.

In an enterprise level IT environment, however, it’s probably not the best choice.  I can’t think of any responsible administrator who’d consider turning over a password list to an untrusted 3rd party, as anonymous or as encrypted as it may be.  It’s just not worth the risk.

The alternative, then, is to leverage a similar method using more secure means.  Our team uses a NAS device, which is an ideal and cost-effective candidate for similar functionality.  If your IT organization has large-scale production file servers which are regularly backed up and maintained, that would be an even better candidate.

The missing piece in this suggestion is file synchronization – a killer feature of Dropbox.  There are a few different ways to handle this – either using one of the many file synchronization tools, or a versioning system such as CVS or Subversion.  The choice is yours, but allowing the user to maintain a local copy of the folder is a critical component – because what happens if the file server goes down and the user forgets a shared password?

A careful security administrator will keep these circumstances in mind and plan for them accordingly.  Don’t be “that guy” who assumes his file servers will be up 100% of the time!  That’s what security is all about – hoping for the best, yet planning for the worst.
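The failure case described above (file server down, user needs a shared password), as an added example that is not from the original post: a shell function that refreshes a local copy of the encrypted password database from the file-server share and falls back to the existing local copy when the share is unreachable or the file is truncated. The file name and paths in the comments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post).
# sync_vault SRC DST
#   SRC: encrypted password database on the NAS / file-server mount
#   DST: the user's local working copy
# Hypothetical usage:
#   sync_vault /mnt/nas/team/team.psafe3 "$HOME/vault/team.psafe3"
# Return codes: 0 = local copy is current
#               2 = server copy unusable, existing local copy kept
#               1 = no usable copy anywhere, or the copy failed
sync_vault() {
    src=$1
    dst=$2

    # Server down, share not mounted, or a zero-length (truncated) file:
    # never touch the local copy in that case.
    if [ ! -r "$src" ] || [ ! -s "$src" ]; then
        if [ -s "$dst" ]; then
            echo "server copy unavailable, using local copy: $dst" >&2
            return 2
        fi
        echo "no server copy and no local copy" >&2
        return 1
    fi

    # Already identical: nothing to do.
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        return 0
    fi

    # Keep the previous local version so a bad update can be rolled back.
    if [ -f "$dst" ]; then
        cp -p "$dst" "$dst.prev" || return 1
    fi

    # Copy to a temp file beside DST, then rename, so an interrupted
    # copy never leaves a half-written database in place. The umask keeps
    # the local copy unreadable to other users on the machine.
    tmp="$dst.tmp.$$"
    ( umask 077; cp "$src" "$tmp" ) || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$dst"
}
```

Run it at login or from a scheduled job; a return code of 2 means the user is working from the last good local copy and should expect it to be stale.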
