Where does your .NET development team keep its passwords? (thesecretserver.com)

submitted by jonathan_cogley (85) 6 years, 4 months ago

With the promise of single sign-on, we are all not supposed to need passwords anymore, right? Then why do we have passwords for network routers, source control repositories, FTP accounts, POP accounts and so many other things (without even stepping into the physical world of things such as combinations, security codes, cellphone PINs, etc.)? Where do you put them? On a post-it note? In Excel? None of these solutions are very secure, and they don't allow for auditing or secure sharing across your team. One solution is our product, Thycotic Secret Server (http://thesecretserver.com), but I am interested to hear how other teams are doing it!

Comments:

posted by gavinjoyce (25.7k) 6 years, 4 months ago 0

I have been using Password Safe (http://passwordsafe.sourceforge.net/) for storing passwords.

Your product looks good though; the price (starting at $29 per user) looks good too.


posted by cslatt (45) 6 years, 4 months ago 0

We use KeePass with 2 password files placed on a shared drive (one file for passwords that the whole team needs, one for passwords that are restricted to the owners & lead developer). Works fine for our 5-person team. If we had more than 2 levels of access, we would hit some scalability issues, but since we don't, this works fine and it's free.

http://keepass.sourceforge.net/


posted by gavinjoyce (25.7k) 6 years, 4 months ago 0

KeePass looks good, thanks for letting us know about it.


posted by jonathan_cogley (85) 6 years, 4 months ago 0

A question on "all in one file based system" ... what happens when one of your team members leaves? Do you practice due diligence and change ALL the passwords - even though the person who left may never have looked at many of them?

I see the same problem with systems that use USB keys ... they work well for individuals but not groups of people.


posted by jonathan_cogley (85) 6 years, 4 months ago 0

One dotnetkicks user asked on our website: "how do i know this isn't a scam for you guys to get my passwords???"

Most products (including Secret Server) require you to download and install the software on your own hardware. Admittedly, the software could still send sensitive information over the internet somewhere, but then we wouldn't be in business long!

Just to be clear, we want your *business* not your passwords. :-)


posted by cslatt (45) 6 years, 4 months ago 0

Yes, when someone leaves we change all the passwords on internet-accessible devices and sites. It only takes about an hour.
