Middlebury

Best way to store passwords

Revision as of 16:08, 27 July 2009 by Linda Knutson (talk | contribs)

Re: Storing passwords securely

The consensus is that remembering passwords is the most secure way of storing them. You can make them easier to remember by following the six steps on this page: http://www.microsoft.com/protect/yourself/password/create.mspx

If remembering them is not possible, things get complicated. There seems to be a big divide between people that recommend using some software program to store the password, and people that recommend writing down passwords.

1) Writing down passwords

Microsoft's experts actually suggest writing them down on paper AND storing the paper somewhere secure. Does your department have a safe or other secure location where this can be kept in the office? If so, this may be a good option. It's not a good option if you need to know the passwords when on the road.

Our recommendation: Avoid using this option.

2) Using a software program to store the password

The software program stores the passwords in a file that's encrypted. To open the file you need the software program and you need to provide a "master" password (you can think of the file as your "safe" and the master password as the key to the safe). To unlock the password file you open the password program and enter the master password. Once the password file is unlocked, all the passwords are available in plain text for viewing/copying/pasting. When you're done using the program, close it and it locks the password file again.

If someone steals/obtains your password file they need to know the master password to open it. The thief may be able to bypass this if there is a flaw in the software program allowing someone to "crack open" the password file without a password (sort of like knowing how to lock-pick a safe).

Our recommendation: Avoid using this option.

--- So, at this time, we can't make any other recommendations.

You can't be prevented from writing a password down or using a software program to manage passwords. If you chose to write a password down, make sure the paper is stored somewhere secure. If you chose to use a software program for password management, make sure that the password is stored on a secure location, such as your personal file server space (/home).

Powered by MediaWiki