How does your team keep track of passwords?

4

If you work on a team, there will be shared resources (read: vendors) that require a password. From my experience, not all those vendors provide individual accounts for all who access them.

So, you’ve got a group password. How do you, the real-world you, store and share this information?

(I’ve got my own answer, and I’m curious how others do it)

Asked April 19, 2010
  1. I’m blissfully free of shared passwords for the time being, but at my last layover, there was a spreadsheet on the network. Not hardly secure but I’m not really sure that security and shared passwords synchronize very well.

19 Answers

7

Two things, though neither of them may directly answer the question:

1) If you're fine with "sharing" a master password (which I don't particularly recommend, but there are worse sins) then putting your user/pass sets into a plain text file, storing that file in a Truecrypt volume with a high-strength password, and putting the volume into a shared Dropbox folder is a very secure way of doing so. Best of all, it doesn't lock you in to any special file format.

2) Responding to several comments about complexity and password strength--the two are emphatically not linked. A very strong password need not be complicated. For instance, I'm comfortable telling you a huge amount of information about the very simple master password that encrypts all my bank account info:

  • It's a passage from a famous work of literature.
  • The original punctuation and spelling are intact.
  • One word is different from the original text.

Even with this information being public, my password is still more secure than 99.9% of those in common use. It spans the keyboard, includes a large number of upper and lower-case characters, punctuation, numerals, and is invulnerable to dictionary attacks by virtue of being multiple words. The fact that one word varies from the source means that even if you had a "dictionary" of all classic literature you still wouldn't have the correct passage. All that being the case, it is not a complex password. It's incredibly simple, and if I told it to you, you could memorize it in five minutes.

  1. Ha! Much as I would enjoy that I’m not ready to eliminate the possibility that someone would spin up a Beowulf cluster just to try and prove me wrong–especially in this community. ;-)

550
3

The other approach that I'm fond of is pointing out to vendors that it creates a real security and privacy problem for an organization to require users to share passwords. Most of the time they need to hear it. Sometimes they listen.

150
3

Plugins for using Wordpress as a CMS:

CollabPress: Project and Task Management for WordPress and WPMU

Wordpress CMS Toolkit

12 Plugins that Extend Wordpress

40 Exceptional “CMS Enabling” WordPress Plugins

Flutter: Wordpress CMS plugin

Building Community Sites with WordPress: 15 Plugins to Get Started

263
2

I'm a big fan of KeePass. Like 1Password and PWSafe, you memorize one long "master" password, which is used to decrypt all your other passwords. KeePass, in particular, is nice because it's free and runs on a variety of platforms--Windows, OS X, Linux, and even my Android phone. (Stick to the 1.x versions if you want maximum compatibility.)

I would combine KeePass with something like Dropbox, which lets you sync files between different computers. I use it so that I always have my password file up to date whether I'm at work or at home, but you could use it to make sure everyone on the team has an up-to-date password file. I haven't tried, but I believe if you opt for the paid Dropbox accounts, you can even set up groups of users who have access to certain shared files. This also neatly avoids the problem of having to email passwords around to everyone for them to update their individual password files.

90
2

I like Apture, even though it's not WP specific. It does add a lot of neat rollover functions to Twitter, YouTube, and Wikipedia links.

The Publish2 plugin is pretty sweet as well (a big hat tip to Daniel Bachhuber). For any site where you need to publish frequently and manage a lot of sources, this works well.

247
1

Storing passwords in Google Docs makes me nervous, personally.

I'm blissfully free of shared passwords for the time being, but at my last layover, there was a spreadsheet on the network. Not hardly secure but I'm not really sure that security and shared passwords synchronize very well. There were some things that the office manager held--her spreadsheet was actually password protected.

  1. True, true. I did discover as well that lots of services actually didn’t want or require us to share a single log in. That was just how we’d always done it.

    I spent a decent amount of time cleaning that practice up as much as possible. We were left with far fewer shared logins than we had when I started. Some of them didn’t need to be truly confidential — they were on the spreadsheet on the office file server. The ones that did, the office manager kept in a password protected spreadsheet.

  2. If you decide to use a simple spreadsheet, I would definitely make sure it’s password protected. That still isn’t very secure, but at least it makes it less likely for someone to accidentally stumble across a list of important passwords.

150
1

Passpack.com. We built it to solve this exact problem - sharing passwords for teams and small groups (I'm a founder).

  1. We here in the online team at The Denver Post are trying out PassPack now, and, yes, this is the absolute best way to handle group-situation passwords.

  2. Me and the Denver Post team are trying out PassPack now, and, yes, this is the absolute best way to handle group-situation passwords.

10
0

We use creative spellings of names of our famous former journalists.

94
0

Not to sound flippant, but I just memorize mine. They're not crazy complex (maybe that's bad?).

554
0

I keep my passwords in my Mac's Keychain Access, having to enter the password every time to remind me of the ones I don't memorize. We have a few standard office passwords that we change occasionally for the shared resources we use (for example, for FeedBurner, and up until recently for the Google Webmaster account).

0
0

Your passwords should be complex, using a mixture of uppercase, lowercase and numbers, and at least 8 characters long. If you use weak passwords, or reuse the same password across accounts, then you are weakening your entire system. High-profile websites, especially news-related ones, are a constant target for hackers. You should use a program designed for storing passwords (as mentioned by Eli). It sounds like a pain, but it's something you need to practise. There are many tools which can automatically attack a computer by trying out thousands of common passwords; don't go using real words, ever.

Also, on Unix and related machines you can use passwordless authentication, which is often handy for getting to the machine to perform basic file manipulation. http://linux.die.net/man/1/ssh-copy-id

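The passwordless SSH login mentioned in the answer above also lets a team drop the shared password on a shared Unix account: each person gets their own key, and one person's access can be removed without touching anyone else's. This is an added example, not part of the original post, and it goes one step past `ssh-copy-id` by adding revocation. `install_key`, `revoke_key`, `count_keys` and the two sample keys are constructed for illustration; the sketch assumes entries without an options prefix and with a single-word comment.

```shell
#!/bin/sh
# Constructed sample public keys (not real key material), one per team member.
ALICE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAliceConstructedExampleKey000000000000000 alice@laptop'
BOB_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBobConstructedExampleKey00000000000000000 bob@desktop'

# install_key HOME_DIR KEY_LINE  (hypothetical helper)
# Append KEY_LINE to HOME_DIR/.ssh/authorized_keys unless the same key
# material is already there, with the permissions sshd expects.
install_key() {
    ssh_dir="$1/.ssh"
    auth="$ssh_dir/authorized_keys"
    # Accept only a single "type base64 comment" line of a known key type.
    [ "$(printf '%s\n' "$2" | wc -l)" -eq 1 ] || return 1
    case $2 in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised key type" >&2; return 1 ;;
    esac
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Compare on the key material (field 2), so a renamed comment is not a new key.
    blob=$(printf '%s\n' "$2" | awk '{print $2}')
    if awk -v b="$blob" '$2 == b {found = 1} END {exit !found}' "$auth"; then
        return 0
    fi
    printf '%s\n' "$2" >> "$auth"
}

# revoke_key HOME_DIR COMMENT  (hypothetical helper)
# Drop every entry whose last field (the comment) equals COMMENT.
revoke_key() {
    auth="$1/.ssh/authorized_keys"
    [ -f "$auth" ] || return 0
    tmp=$(mktemp "$auth.XXXXXX") || return 1
    awk -v c="$2" '$NF != c' "$auth" > "$tmp" &&
        chmod 600 "$tmp" && mv "$tmp" "$auth"
}

# count_keys HOME_DIR: number of non-empty entries currently authorised.
count_keys() {
    grep -c . "$1/.ssh/authorized_keys"
}
```

Giving every key a comment that names its owner is what makes the later `revoke_key` call possible when someone leaves the team.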

30
0

Is there a role for OAuth here? That seems to be the "right" way.

150
0

You could try syncing 1Password with Dropbox, using these instructions.

Now that 1Password for Windows beta is out, it might be a more viable solution for shops that have Mac & Windows machines.

395
0

Ha, I wish we did. There are a couple of people who know all the logins, and when I need something I go find one of those people. Then I save the password in my browser. :P

263
0

You can capture your password using ProteMac KeyBag PRO. Its keylogger can record your keystrokes.

0
0

If my Gmail account was compromised, or if I lost a laptop or smart phone, why can't I just log on to Google from a different computer and change my Google password?

jb
0

0
0

0
-1

I keep a master password document on Google docs for my office. I then put whatever passwords I want to share in individual Google documents and share them with the people who need them. That way I can edit the documents with changed passwords and share or un-share them at will.

-2
-1

We have a small team - so we use Google Docs.

I suppose if the team was bigger this would eventually become a security risk.

-2
