1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Password Management Solutions

Discussion in 'Windows Security' started by Kevin Gallagher, Oct 20, 2009.

  1. Kevin Gallagher

    Kevin Gallagher Guest

    I work in an Operations team and we are reviewing the way we manage our
    Security Passwords. We have tried different ways in the past from holding
    essential passwords centrally on a networked location to keeping them on a
    secure USB device in a Safe. Neither have proved satisfactory and both have
    advantages and disadvantages. We would like to manage our passwords in such a
    way that they will be available to us during major outages and provide
    granulated control or delegatde access. What are people doing to address this
    issue and is there any Microsoft Solution currently available?
     
    Kevin Gallagher, Oct 20, 2009
    #1
  3. David H. Lipman

    David H. Lipman Guest

    From: "Kevin Gallagher" <KevinGallagher@discussions.microsoft.com>

    | I work in an Operations team and we are reviewing the way we manage our
    | Security Passwords. We have tried different ways in the past from holding
    | essential passwords centrally on a networked location to keeping them on a
    | secure USB device in a Safe. Neither have proved satisfactory and both have
    | advantages and disadvantages. We would like to manage our passwords in such a
    | way that they will be available to us during major outages and provide
    | granulated control or delegatde access. What are people doing to address this
    | issue and is there any Microsoft Solution currently available?

    A password protected spreadsheet in a an encrypted ZIP file stored on a removable EFS
    encrypted drive.

    --
    Dave

    Multi-AV -
     
    David H. Lipman, Oct 20, 2009
    #2
  4. Vladimir Katalov

    Vladimir Katalov Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:eGFrehXUKHA.3428@TK2MSFTNGP06.phx.gbl...<!--coloro:blue--><span style="color:blue <!--/coloro-->
    >
    > A password protected spreadsheet in a an encrypted ZIP file stored on a
    > removable EFS
    > encrypted drive.<!--colorc--><!--/colorc-->

    There are two problems there, actually...

    First, convenience. Attach the drive, log on as an appropriate user (who has
    access to EFS-encrypted file), enter ZIP password, enter Excel password.
    And don't forget to export your personal certificate, btw.

    Second, security. If you keep the certificates in the local storage, EFS
    encryption relies on user's logon password only. ZIP: old ('classic')
    encryption
    is weak, so you should use AES. Excel: depends on version. 40-bit encryption
    (Office 97/2000, and XP/2003 in 'compatible' mode) can be cracked in
    seconds. Office XP/2003 with CSP (and longer key length) is more reliable,
    but password-checking routine is simple and fast, so effective brute-force
    and dictionary attacks can be implemented. Only Office 2007 is secure (if
    you select a good password).

    --
    Sincerely yours,
    Vladimir

    Vladimir Katalov
    CEO
    ElcomSoft Co.Ltd.
    mailto:vkatalov@elcomsoft.com
     
    Vladimir Katalov, Oct 21, 2009
    #3

Share This Page