From a simple KeePass database to enterprise credential management solutions—what’s your setup at work?
You must log in or # to comment.
Not today, Russia.
The method of champions. Post-it on the bottom of keyboard.
Bottom of keyboard? Are you out of space on your monitor to place additional Post-its with user credentials on them? /s
Boss, I need a third monitor, I’m out of space for post-its
Monitor bezel is for the less secure systems. Under the keyboard is for the secure stuff.
And the really secure systems are in the filing cabinet.
Got a thrift store keyboard. The pink sticky on the bottom said:
User: admin
Pass: password
I wish I was joking. Someone out there was dumb enough to need a reminder on that one.
I would need a small book hidden under my keyboard. My work password safe has approximately 100 entries.
more dev than sysop, but: bitwarden
I write it in plaintext then email it to myself. For my email password, I write that down on a sticky note next to my monitor with my webcam pointing towards it with Skype and Zoom always running so I can look at it when I’m not at home. I always make sure to turn 2FA off as well, since that gets annoying and isn’t very convenient.
I might choose to mirror the webcam stream to a public RTMP stream later, but not sure yet, since I think that might open up some security holes.
This is exactly the kind of innovation I was looking for.
Also, if you use a really easy to remember password… I like P@ssw0rd! Easy to remember, and nobody will ever guess it because, get this… The ‘o’ is actually a zero!
Your password shows up to me as ************
We use Netwrix Password Secure at work. They just announced this week they have found a RCE vulnerability in their software…
Bit Warden, one password, whatever float your boat just not last pass.
For SHTF stuff GPG.
correct horse battery staple
Always a relevant xkcd
We use PasswordState at work and KeePassXC for personal passwords.
As an admin for a Linux server, I want to institute a ssh pub key expiration policy for all the users and enforce non-reuse of old keys. Does anyone have a best solution for this?
How do you do your pubkey deployments? If you use ansible, it should be simple enough.
Sounds like certificates to me, but I don’t know of any such solution
Edit: I found out that openssh allows the logon with a certificate. This guide shows how to setup a public key that expires after 52 weeks.
Bitwarden/KeePass for MFA (not SMS or email) protected accounts. Pen and paper stored in a fire proof vault for non-MFA and break glass accounts.
We use ITGlue because it lets us tie password records to documentation which makes finding things very streamlined.
Personally, I use Bitwarden
We have a KeePass DB as a fallback but mostly use a PAM solution to manage server access.
On a post-it note stuck to the monitor.
At work I keep them in onenote (they are encoded) because they won’t let us install an actual password manager and half the shit I log into doesn’t support SSO/doesn’t have it set up and is all on different password schemes. Our service account passwords are in a shared cyberark vault.
Scribbled on the whiteboard in the office.
jk
I would never scribble my password on a whiteboard. It’s important to write in large clear letters so I can read it from across the lab.
