DotNetKick.com is an open-source project. Please report any bugs and let us know your great suggestions. Currently running svn revision 620 (rss)

Kick Spy!, Kick Zeitgeist and Kick Widgets

6
kicks
Where does your .NET development team keep its passwords?
published 2 years, 7 months ago, submitted by jonathan_cogley 2 years, 7 months ago

thesecretserver.com — With the promise of single sign on, we are all not supposed to need passwords anymore, right? Then why do we have passwords for network routers, sourcecontrol repositories, FTP accounts, POP accounts and so many other things (without even stepping into the physical world of things such as combinations, security code, cellphone pins, etc). Where do you put them? On a post-it note? In Excel? None of these solutions are very secure and don't allow for auditing or secure sharing across your team. One solution is our product, Thycotic Secret Server (http://thesecretserver.com) but I am interested to hear how other teams are doing it!

Add a comment 6 comments | category: | Views: 0 | Get KickIt image code
| tag it

new Add a live kick counter to your blog >> liveImage

You can even customize the image by choosing your own colors, and then clicking the button below to update the preview and the html code:

  • "Kick It" text
  • "Kick It" background
  • kick count text
  • kick count background
  • border

Simply copy and paste this HTML into your blog post.


Users who kicked this story:
gavinjoyce gavinjoyce - aspinator aspinator - goal - nonameok - dimmer - jonathan_cogley

Comments:
I have been using password safe (http://passwordsafe.sourceforge.net/) for storing passwords.

Your product looks good though, the price (starting at $29 per user) looks good too.
posted by gavinjoyce gavinjoyce 2 years, 7 months ago
We use KeePass with 2 password files placed on a shared drive (one file for passwords that the whole team needs, one for passwords that are restricted to the owners & lead developer). Works fine for our 5 person team. If we had more than 2 levels of access, we would hit some scalability issues, but since we don't this works fine and it's free.

http://keepass.sourceforge.net/
posted by cslatt 2 years, 7 months ago
KeePass looks good, thanks for letting us know about it.
posted by gavinjoyce gavinjoyce 2 years, 7 months ago
A question on "all in one file based system" ... what happens when one of your team members leaves? Do you practice due diligence and change ALL the passwords - even though the person who left may never have looked at many of them.

I see the same problem with systems that use USB keys ... they work well for individuals but not groups of people.
posted by jonathan_cogley 2 years, 7 months ago
One dotnetkicks user asked on our website: "how do i know this isn't a scam for you guys to get my passwords???"

Most products (including Secret Server) require you to download and install the software on your own hardware. Admittedly the software could still send sensitive information over the internet somewhere but then we wouldn't be in business long!

Just to be clear, we want your *business* not your passwords. :-)
posted by jonathan_cogley 2 years, 7 months ago
Yes, when someone leaves we change all the passwords on internet-accessible devices and sites. It only takes about an hour.
posted by cslatt 2 years, 7 months ago



information Login or create an account to comment on this story
 

Sponsored Link: www.carlist.ie

Search:

Ads via The Lounge

You are the editor:
View upcoming stories
Submit a story
How else can I help?
Earn money
Tags: all tags - your tags