Application Security archives - Custom Application Development

Nov 26 2008   10:42PM GMT

Password Management

Posted by: Joe Coley
Application Security, IT Management

We’ve all seen them: the little yellow sticky notes pinned to the workstation board, stuck to a cabinet, or placed in whatever other convenient and visible spot is available, the ones with username and password combinations scrawled on them for all to see. Is it any wonder that studies indicate our most vulnerable areas of system security come from within?

While we may require “strong” passwords that are changed every 30 to 60 days, those passwords are even more likely to be “written down” somewhere the user can “remember” them. In my experience, the more restrictions placed on a “strong” password, the more often users write it down because they are afraid of forgetting it. I don’t blame them, but it sure destroys the security that we try to build into our systems.

Add to this password mess the need to meet varying requirements across individual systems, networks and workstations, and the situation becomes convoluted at best. What got me going on this blog path was seeing the statement “Sticky notes don’t make for good security” in something I was reading. My response to the statement is, of course, DUH!

So, how do we get passwords under control? Wouldn’t it be nice to have an application that securely lets us use a single password to access all resources matching our security level? A Google search on password management tools returns a number of entries; at a quick glance, however, most tools seem to be specific to either Mac or Windows environments. What seems most desirable is an application that serves ALL common O/S environments, as well as databases.

Maybe I just want too much :-) , but I can dream can’t I?
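As an added illustration of the single-master-password idea above (this is example code written for this page, not a tool the post mentions or reviews), here is a small cross-platform vault written in Python using only the standard library, so the same vault file opens on Windows, Mac or Linux. The master password is stretched with PBKDF2-HMAC-SHA256 into separate encryption and MAC keys, the entries are encrypted with an HMAC-SHA256 counter-mode keystream, and an HMAC tag over header and ciphertext is checked before decryption, so a wrong master password and a tampered file are both rejected instead of yielding garbage. The `PWV1` format tag, the iteration count, the function names and the sample entries are all assumptions made for the example. A production vault should use a vetted authenticated cipher such as AES-GCM from the `cryptography` package rather than the hand-rolled stream construction used here to avoid a third-party dependency.

```python
"""Added example: a single-master-password vault using only the Python standard library."""
import hashlib
import hmac
import json
import os
import secrets
import tempfile

MAGIC = b"PWV1"                # assumed format tag, invented for this example
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32                   # HMAC-SHA256 output length
KEY_LEN = 32
PBKDF2_ITERATIONS = 600_000    # assumption; deliberately slow to resist offline guessing


def derive_keys(master_password: str, salt: bytes) -> tuple:
    """Stretch the master password into one encryption key and one MAC key.

    Independent keys mean a flaw in one use cannot leak the other.
    """
    material = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt,
        PBKDF2_ITERATIONS, dklen=2 * KEY_LEN,
    )
    return material[:KEY_LEN], material[KEY_LEN:]


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: concatenated HMAC-SHA256(enc_key, nonce || counter) blocks.

    Demo-only stream cipher so the example needs no third-party package.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_vault(entries: dict, master_password: str) -> bytes:
    """Serialize entries to JSON, encrypt, then MAC header + ciphertext (encrypt-then-MAC)."""
    salt = secrets.token_bytes(SALT_LEN)      # fresh per vault: same password, different keys
    nonce = secrets.token_bytes(NONCE_LEN)    # fresh per seal: a keystream is never reused
    enc_key, mac_key = derive_keys(master_password, salt)
    plaintext = json.dumps(entries, sort_keys=True).encode("utf-8")
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    header = MAGIC + salt + nonce
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def open_vault(blob: bytes, master_password: str) -> dict:
    """Verify the tag before touching the ciphertext; raise ValueError on any failure."""
    header_len = len(MAGIC) + SALT_LEN + NONCE_LEN
    if len(blob) < header_len + TAG_LEN or blob[:len(MAGIC)] != MAGIC:
        raise ValueError("not a vault file")
    salt = blob[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = blob[len(MAGIC) + SALT_LEN:header_len]
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        raise ValueError("wrong master password or vault tampered with")
    plaintext = _xor(body[header_len:], _keystream(enc_key, nonce, len(body) - header_len))
    return json.loads(plaintext.decode("utf-8"))


def unlocks(blob: bytes, master_password: str) -> bool:
    """True if this master password opens the vault intact, False otherwise."""
    try:
        open_vault(blob, master_password)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample entries; the vault file is plain bytes and works on any OS.
    entries = {"db/prod/reporting": "reporting-user:Tr0ub4dor&3",
               "ssh/build01": "jcoley:correct horse battery staple"}
    path = os.path.join(tempfile.mkdtemp(), "vault.bin")
    with open(path, "wb") as f:
        f.write(seal_vault(entries, "one password to rule them all"))
    with open(path, "rb") as f:
        blob = f.read()
    print(open_vault(blob, "one password to rule them all"))
    print(unlocks(blob, "guess"))
```

Two design points worth noticing: the salt and nonce travel inside the file and are covered by the MAC, so an attacker cannot swap them without failing verification, and the MAC is checked before any decryption, which is the order that keeps a wrong master password from being distinguishable from a corrupted file by anything other than the error message.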