enterprise tool for password management ?

Hi,

I'm looking for software that can protect the multitude of passwords that we
use in our company, both for our internal IT as for our clients' servers.

I have the following requirements:

- multi user and accessible preferrably via a browser
- decentralized management : users should be able to maintain their own set
of passwords for which they are responsible (e.g. internal IT support should
be able to update their own passwords, but only be able to see certain other
passwords, and have no access whatsoever to other passwords
- possiblity to print the entire set of passwords (for external storage in a
safe)
- it would be nice if we can add extensive notes to certain passwords or
sets of passwords (e.g. documentation on how to access a system)
- possibility to keep expired passwords (in case a passwords change was
forgotten and we need to retrieve the old password)


I've found so far one tool that claims it can do most of this, enterprise
password safe by argosy telcrest), but I've read some negative comments
(anonymous comments) about this software on the securityfocus website
(http://www.securityfocus.com/comments/tools/3864/36636/thre aded)
I'm not sure of the validity of these comments (I'm not too keen on
anonymous posters).

Can someone recommend this product, or suggest other tools that might do the
job. I assume every company of some size faces the same problem that excel
password files are just nog safe enough ?


regards,
tom.

Re: enterprise tool for password management ?

Tom Van Overbeke wrote:
> Hi,
>
> I'm looking for software that can protect the multitude of passwords that we
> use in our company, both for our internal IT as for our clients' servers.
>
> I have the following requirements:
>
> - multi user and accessible preferrably via a browser
> - decentralized management : users should be able to maintain their own set
> of passwords for which they are responsible (e.g. internal IT support should
> be able to update their own passwords, but only be able to see certain other
> passwords, and have no access whatsoever to other passwords
> - possiblity to print the entire set of passwords (for external storage in a
> safe)
> - it would be nice if we can add extensive notes to certain passwords or
> sets of passwords (e.g. documentation on how to access a system)
> - possibility to keep expired passwords (in case a passwords change was
> forgotten and we need to retrieve the old password)
>

>
> regards,
> tom.
>
>
check out KeePass Password save
http://keepass.sourceforge.net/
it's free

the only thing it can't do, is being accessed via web, but you can export to .txt, html and a bunch of other formats.

M

Re: enterprise tool for password management ?

"Tom Van Overbeke" writes:

>Hi,

>I'm looking for software that can protect the multitude of passwords that we
>use in our company, both for our internal IT as for our clients' servers.

>I have the following requirements:

>- multi user and accessible preferrably via a browser

Why not just have a public web page on which you post the keys?
As soon as you make this kind of requirement it is clear that "ease of use"
has taken over completely from security.


>- decentralized management : users should be able to maintain their own set
>of passwords for which they are responsible (e.g. internal IT support should
>be able to update their own passwords, but only be able to see certain other
>passwords, and have no access whatsoever to other passwords

NOONE should have access to anyone else's passwords.

>- possiblity to print the entire set of passwords (for external storage in a
>safe)

See above.

>- it would be nice if we can add extensive notes to certain passwords or
>sets of passwords (e.g. documentation on how to access a system)


>- possibility to keep expired passwords (in case a passwords change was
>forgotten and we need to retrieve the old password)

And how would an expired password help? An expired password should be no
better than my name at helping you get into the system.


>I've found so far one tool that claims it can do most of this, enterprise
>password safe by argosy telcrest), but I've read some negative comments
>(anonymous comments) about this software on the securityfocus website
>(http://www.securityfocus.com/comments/tools/3864/36636/thr eaded)
>I'm not sure of the validity of these comments (I'm not too keen on
>anonymous posters).

>Can someone recommend this product, or suggest other tools that might do the
>job. I assume every company of some size faces the same problem that excel
>password files are just nog safe enough ?


>regards,
>tom.

Re: enterprise tool for password management ?

>
>>I have the following requirements:
>
>>- multi user and accessible preferrably via a browser
>
> Why not just have a public web page on which you post the keys?
> As soon as you make this kind of requirement it is clear that "ease of
> use"
> has taken over completely from security.

>
>
>>- decentralized management : users should be able to maintain their own
>>set
>>of passwords for which they are responsible (e.g. internal IT support
>>should
>>be able to update their own passwords, but only be able to see certain
>>other
>>passwords, and have no access whatsoever to other passwords
>
> NOONE should have access to anyone else's passwords.

what are you talking about ? I think you misunderstand. we have hunderds of
passwords scattered all over the place (cisco routers, root & user passwords
for solaris systems, applications accounts, name it and we have it. I'm not
talking here about personal passwords, this should've been entirely clear
from my message.

>
>>- possiblity to print the entire set of passwords (for external storage in
>>a
>>safe)
>
> See above.

This is ofcourse imperative. No company should trust solely on software to
manage their passwords. being able to print it all out and keep it in a safe
in a remote location is sth. which is currrent practice in lots of companies
i've worked for.


>
>>- it would be nice if we can add extensive notes to certain passwords or
>>sets of passwords (e.g. documentation on how to access a system)
>
>
>>- possibility to keep expired passwords (in case a passwords change was
>>forgotten and we need to retrieve the old password)
>
> And how would an expired password help? An expired password should be no
> better than my name at helping you get into the system.

Jezus man, suppose we have a customer that demands that we change the
passwords of his systems on a monthly basis. Say that this is a manual task
and as nobody is perfect, we forget to change a password but we do register
the new password in the password application. At least with a retired
password list, you can go back and redo the change.
This is not fiction, this has happened to me a few times, and I was very
happy that I could find the old password.