Submission + - How to securely share passwords
vginders writes: "Whilst the idea of "securely sharing passwords" doesn't seem very secure by itself, the reality of system administration makes you do such a thing.
The idea of just giving everyone a personal password is just not realistic, when talkin of a support shop with many clients. Having all (e.g.) ten colleagues maintaining a personal password for all of your (e.g.) hundred and twenty clients is a nightmare.
Face it, every IT Support shop has a bunch of customers and a bunch of coworkers, all needing access at one time of another to the administrator password, some root accounts, some router enable passwords or other firewall credentials. It obviously is'nt always as easy as using certificate logins with SSH.
Through serving in different support shops myself, I have seen different approaches, from using a pass like "[customer_name_tag][postalcode]" over noting passwords in a Visio network scheme till storing them in a high encrypted distributed database (which was protected with one unique password).
I've been thinking a lot about a pretty safe way of managing passwords, but couldn't find something good enough, especially when accepting solutions which aren't 100% secure to keep the solution a bit usable as most clients aren't big banks or nuclear power plants, but mostly small businesses.
So my by now obvious question to the IT Support guys within the /. community, is what you think is a decent, say good-enough solution?"
The idea of just giving everyone a personal password is just not realistic, when talkin of a support shop with many clients. Having all (e.g.) ten colleagues maintaining a personal password for all of your (e.g.) hundred and twenty clients is a nightmare.
Face it, every IT Support shop has a bunch of customers and a bunch of coworkers, all needing access at one time of another to the administrator password, some root accounts, some router enable passwords or other firewall credentials. It obviously is'nt always as easy as using certificate logins with SSH.
Through serving in different support shops myself, I have seen different approaches, from using a pass like "[customer_name_tag][postalcode]" over noting passwords in a Visio network scheme till storing them in a high encrypted distributed database (which was protected with one unique password).
I've been thinking a lot about a pretty safe way of managing passwords, but couldn't find something good enough, especially when accepting solutions which aren't 100% secure to keep the solution a bit usable as most clients aren't big banks or nuclear power plants, but mostly small businesses.
So my by now obvious question to the IT Support guys within the
