|
no what you do is make a new gmail account called "passwords" and put all the passwords in a draft email that you save, and then give everybody the login for that account so they can ctrl+f thei pasword they need. hth
|
#
?
Jun 5, 2017 15:58
|
|
|
|
| # ? May 17, 2024 16:22 |
|
|
just make all of them the exact same and make sure it's easy to remember
|
|
#
?
Jun 5, 2017 15:58
|
|
|
TheManFromFOXHOUND posted:I've been assigned to create a centralized password manager for the IT/Development department and I need to figure out what to do. Right now I'm leaning towards using KeepAss on a shared network drive with a key file. four seconds later someone copies the keyfile to anywhere on the network
|
|
#
?
Jun 5, 2017 16:05
|
|
|
1p assword for teams. next question
|
|
#
?
Jun 5, 2017 16:06
|
|
|
normally you just do "<company>123" and that's always safe
|
|
#
?
Jun 5, 2017 16:15
|
|
|
RISCy Business posted:Lastpass for teams. next question
|
|
#
?
Jun 5, 2017 16:33
|
|
|
all good suggestions I'm looking into 1password for teams now, thanks
|
|
#
?
Jun 5, 2017 16:36
|
|
|
geonetix posted:normally you just do "<company>123" and that's always safe use the company street address instead of 123, that's more safe
|
|
#
?
Jun 5, 2017 17:25
|
|
|
yeah there's several "for teams" programs out there that would work fine if you have nonzero budget actually now that i'm thinking about keep rear end and keyfiles how come it doesn't work with like, SSL certs, so you could use hardware tokens? is that even possible? has someone made that?
|
|
#
?
Jun 5, 2017 17:25
|
|
|
PKI LOL IMHO
|
|
#
?
Jun 5, 2017 17:31
|
|
|
TheManFromFOXHOUND posted:For reference we will be storing passwords to our task servers and AWS in the manager. make individual accounts for the task servers, use IAM on AWS to make individual accounts or there's probably some way to scoop them out of ldap or w/e
|
|
#
?
Jun 5, 2017 17:32
|
|
|
Secret Server is good and fancier than I realized
|
|
#
?
Jun 5, 2017 19:52
|
|
|
sadus posted:Secret Server is good and fancier than I realized
|
|
#
?
Jun 5, 2017 19:53
|
|
|
ate all the Oreos posted:yeah there's several "for teams" programs out there that would work fine if you have nonzero budget keep rear end lets you specify a file as a key out of the box, but you need to use one of the plugins to do rsa/ssh/user account/whatever
|
|
#
?
Jun 5, 2017 20:00
|
|
|
gonadic io posted:keep rear end lets you specify a file as a key out of the box, but you need to use one of the plugins to do rsa/ssh/user account/whatever yeah i know about keyfiles, i mean hardware token/smart card/PKI-based auth, though it sounds like there's plugins for that is what you're saying? neat, i'll check em' out later
|
|
#
?
Jun 5, 2017 20:05
|
|
|
I think it allows you to use a yubikey as well?
|
|
#
?
Jun 5, 2017 22:10
|
|
|
hashicorp vault.
|
|
#
?
Jun 5, 2017 22:23
|
|
|
Spent the day in blechley park and it's really neato. They have a redic "cyber security" section presented by mcafee with an entire wall of Facebook people "keeping you safe" that was pretty lol though
|
|
#
?
Jun 5, 2017 22:36
|
|
|
lol https://twitter.com/ericgeller/status/871842516458496001
|
|
#
?
Jun 5, 2017 22:47
|
|
|
Bhodi posted:Spent the day in blechley park and it's really neato. They have a redic "cyber security" section presented by mcafee with an entire wall of Facebook people "keeping you safe" that was pretty lol though bletchley is amazing. i legit cried at the plaques describing how he was treated after the way, even though i already new it all. seeing it next to all his papers and essays it was just too much.
|
|
#
?
Jun 5, 2017 22:49
|
|
|
CHICKEN DINNER was exonerated after a thorough investigation.
|
|
#
?
Jun 5, 2017 22:50
|
|
|
good poo poo all around
|
|
#
?
Jun 5, 2017 23:13
|
|
|
Subjunctive posted:CHICKEN DINNER was exonerated after a thorough investigation.
|
|
#
?
Jun 5, 2017 23:14
|
|
|
Bhodi posted:Spent the day in blechley park and it's really neato. They have a redic "cyber security" section presented by mcafee with an entire wall of Facebook people "keeping you safe" that was pretty lol though I need to go back because I didn't have enough time to see everything
|
|
#
?
Jun 5, 2017 23:19
|
|
|
i'm pretty sure that keepass supports opening files with ssl?
|
|
#
?
Jun 5, 2017 23:27
|
|
|
Bhodi posted:Spent the day in blechley park and it's really neato. They have a redic "cyber security" section presented by mcafee with an entire wall of Facebook people "keeping you safe" that was pretty lol though Did you go to the nearby computer museum? They have a working rebuild of the Colossus, the first electronic computer. Imo the story and technical details about cracking the Lorentz cioher is as interesting or even more so than Enigma.
|
|
#
?
Jun 5, 2017 23:28
|
|
|
duTrieux. posted:i'm pretty sure that keepass supports opening files with ssl? what does it mean to open a file with ssl (tls)?
|
|
#
?
Jun 5, 2017 23:36
|
|
|
Subjunctive posted:what does it mean to open a file with ssl (tls)? i think just that it can retrieve a database from https, there's something in the options about allowing self-signed certs to do so
|
|
#
?
Jun 5, 2017 23:38
|
|
|
duTrieux. posted:i think just that it can retrieve a database from https, there's something in the options about allowing self-signed certs to do so oh, ok. I thought you meant a local file
|
|
#
?
Jun 5, 2017 23:41
|
|
|
Subjunctive posted:oh, ok. I thought you meant a local file i'm not that much of an idiot, although yes what i posted was extremely poorly phrased
|
|
#
?
Jun 5, 2017 23:53
|
|
|
reality winner like, that's the leaker's name it's no CARL MARK FORCE IV but still pretty good
|
|
#
?
Jun 6, 2017 00:21
|
|
|
For each server, tattoo the password on one butt cheek each of two distinct employees, taking care not to have any two employees have the same two servers between them. keep a department spreadsheet of server names to tattooed employees. Do not inform the employee which server their tattoo is for. In the event of an employee departure where that employee has a password, tattoo the 1-2 passwords onto different employees as previously. Enforce key rotation via frequent layoffs and hirings. this is what you all mean when you're suggesting a team keep rear end, right?
|
|
#
?
Jun 6, 2017 01:07
|
|
|
made a point to visit bletchley when I went to london, it was awesome I did see the colossus, they also have a bombe haveblue fucked around with this message at 01:27 on Jun 6, 2017 |
|
#
?
Jun 6, 2017 01:21
|
|
|
Volmarias posted:For each server, tattoo the password on one butt cheek each of two distinct employees, taking care not to have any two employees have the same two servers between them. keep a department spreadsheet of server names to tattooed employees. Do not inform the employee which server their tattoo is for. In the event of an employee departure where that employee has a password, tattoo the 1-2 passwords onto different employees as previously. Enforce key rotation via frequent layoffs and hirings. this was tortured but so is naming a password manager "keepass" so i'll give it an A-
|
|
#
?
Jun 6, 2017 01:26
|
|
|
https://twitter.com/quinnnorton/status/871883733032415236 gj intercept
|
|
#
?
Jun 6, 2017 02:04
|
|
|
they're kinda hard to see on that image
|
|
#
?
Jun 6, 2017 02:10
|
|
|
My company makes copiers that do this and it's pretty cool. Though all copiers made since copiers went digital do this in some fashion. There are ways to trick it or to hide them, but it's not easy.
|
|
#
?
Jun 6, 2017 02:10
|
|
|
Peachfart posted:There are ways to trick it or to hide them, but it's not easy. Scan, OCR, don't share the originals
|
|
#
?
Jun 6, 2017 02:13
|
|
|
Jabor posted:Scan, OCR, don't share the originals None of these will work. At the bare minimum, older MFP's leave their serial number almost invisibly on any copy, print, or scan. Newer copiers, and certainly anything the government is using(we are their main supplier), have much more information especially since you are required to use PIV to log into each machine.
|
|
#
?
Jun 6, 2017 02:21
|
|
|
|
| # ? May 17, 2024 16:22 |
|
|
Peachfart posted:you are required to use PIV to log into each machine. seems kind of discriminatory against gay people
|
|
#
?
Jun 6, 2017 02:22
|
|
