As a consultant, I frequently receive new passwords at clients and become aware of other people's password practices. One of the most shocking things I've discovered is how loose people are with their passwords. At times, I am even included in this group.
Over the past two years, I've been trying to improve my own habits for handling logons and passwords. Some of these changes protect me from accidentally allowing somebody access to the systems I've been granted access to. Other habits are to:
- Use a password generator to create unique logons. A couple of sites I've used are here and here. It doesn't necessarily matter where you get the password; just make sure it is strong and has nothing to do with you.
- Do not use shared logons. The problem is that someone else can log on and blame you for the things they do; no one knows for certain who is doing what.
- If there is a shared logon that can't be avoided, change the password when people leave the organization or the engagement ends. Don't leave an open door for the curious and the disgruntled.
- Store your logons, passwords and any other information about the system in a secure location. I use KeePass, and it has allowed me to "remember" more passwords without the fear that someone who obtains my laptop or reads my notepad can get into them.
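The first habit above, a generated password that is strong and unrelated to you, is easy to get right with a few lines of code instead of a website. The following is an added example and not code from the post: it draws characters from the OS CSPRNG via Python's `secrets` module, drops glyphs that are easy to misread, forces a leading letter or digit, reports the nominal entropy, and checks the result against a list of personal facts. The function names, the `AMBIGUOUS` set and the 12-character minimum are the example's own choices.

```python
import math
import secrets
import string

# Glyphs that are easy to confuse when a password is read from a screen or a
# printout (zero/oh, one/ell/eye, pipe); dropped from the alphabet. This set
# is the example's own choice, not a rule from the post.
AMBIGUOUS = set("0O1lI|")
ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation
    if c not in AMBIGUOUS
)


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Draw a password from `alphabet` using the OS CSPRNG (`secrets`).

    The first character is forced to be a letter or digit, and the result is
    re-drawn until it holds at least one letter, one digit and one symbol, so
    the output also passes typical complexity rules.
    """
    if length < 12:
        raise ValueError("use at least 12 characters")
    has_alpha = any(c.isalpha() for c in alphabet)
    has_digit = any(c.isdigit() for c in alphabet)
    has_symbol = any(not c.isalnum() for c in alphabet)
    if not (has_alpha and has_digit and has_symbol):
        raise ValueError("alphabet must contain letters, digits and symbols")
    leading = [c for c in alphabet if c.isalnum()]
    while True:
        pw = secrets.choice(leading) + "".join(
            secrets.choice(alphabet) for _ in range(length - 1)
        )
        if (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Nominal entropy of a uniformly random string: length * log2(alphabet).

    The constraints in generate_password() shave a fraction of a bit off this
    figure, so treat it as an upper bound rather than an exact value.
    """
    return length * math.log2(alphabet_size)


def contains_personal_info(password: str, facts: list[str], min_len: int = 4) -> bool:
    """True if any personal fact (name, pet, birth year, ...) of at least
    `min_len` characters appears in the password, ignoring case."""
    lowered = password.lower()
    return any(f.lower() in lowered for f in facts if len(f) >= min_len)


if __name__ == "__main__":
    pw = generate_password(32)
    print(pw)
    print(f"about {entropy_bits(32, len(ALPHABET)):.0f} bits of entropy")
    print("related to me:", contains_personal_info(pw, ["jason", "keepass"]))
```

Using `secrets` rather than `random` matters: `random` is a Mersenne Twister seeded from a small amount of state and is not suitable for credentials. The 88-symbol alphabet gives roughly 6.5 bits per character, so a 20-character password is around 129 bits and a 32-character one just over 200; either is far beyond what any online or offline guessing attack can cover.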
Remember, when people grant you access to their systems they are trusting you. Make certain your habits are worthy of that trust. As DBAs, we are often the last line of defense in securing an organization's data.
7 thoughts on “Do You Protect Your Passwords?”
Thanks for this Jason.
Given data (IMHO) is an organization's most important asset; I totally agree that password protection is something we need to do our best with.
For service accounts and other non-person accounts, I go for the longer names; say random 32 chars. Not because of the hacking protection (where 9 chars is good enough), but so folks can't remember the passwords and so I can text search the environment (after hours) to see if they come up on the LAN.
The other thing is, I try to avoid zeros (0s) and ohs (Os) in a password. This has bitten me in the past.
Also I try to ensure the password starts with a letter or number; not doing so caused an issue in the past (either logging into SQL or DB2/I can't remember which).
For service accounts and other non-person accounts, I go for the –> passwords <–; say random 32 chars.
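The commenter's idea of deliberately long service-account passwords so that a text search can find them sitting in plaintext is a useful detection control. The following is an added example, not the commenter's own script: it sweeps a directory tree for any 32-character window whose SHA-256 digest matches a known service-account password, so the scanner's configuration carries digests rather than the passwords themselves. The 32-character convention, the local-directory scope (the comment describes an after-hours search across the LAN), the sample file names and the sample password are all constructed for the example.

```python
import hashlib
import os
import tempfile

# Convention assumed from the comment above: non-person accounts get random
# 32-character passwords. A string that long never appears by accident, so
# any hit is real. Adjust to your own policy.
PASSWORD_LEN = 32


def fingerprint(secret: str) -> str:
    """SHA-256 of a password; the scanner holds these, never the plaintext."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


def find_secrets_in_text(text: str, fingerprints: set[str],
                         length: int = PASSWORD_LEN) -> list[tuple[int, int]]:
    """Return (line, column) of every `length`-character window whose digest
    is in `fingerprints`. Lines shorter than `length` are skipped."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col in range(len(line) - length + 1):
            if fingerprint(line[col:col + length]) in fingerprints:
                hits.append((lineno, col))
    return hits


def scan_tree(root: str, fingerprints: set[str],
              length: int = PASSWORD_LEN) -> dict[str, list[tuple[int, int]]]:
    """Walk `root` and return {relative path: [(line, col), ...]} for files
    that contain a known service-account password in plaintext."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    hits = find_secrets_in_text(fh.read(), fingerprints, length)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings


def demo() -> dict[str, list[tuple[int, int]]]:
    """Build a constructed directory with one leaked secret and scan it."""
    svc_password = "Xq7nLp2vRt9wKs4hJm6bYc3dFz8gQe5u"  # constructed, 32 chars
    known = {fingerprint(svc_password)}
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "deploy.cfg"), "w", encoding="utf-8") as fh:
            fh.write("# connection settings\n")
            fh.write(f"password={svc_password}\n")
        with open(os.path.join(root, "notes.txt"), "w", encoding="utf-8") as fh:
            fh.write("nothing sensitive in this file\n")
        return scan_tree(root, known)


if __name__ == "__main__":
    for path, hits in demo().items():
        print(f"{path}: plaintext service password at (line, col) {hits}")
```

Hashing every window is a few million SHA-256 calls per gigabyte, which is acceptable for a scheduled sweep of config shares and home directories; the point of the digest list is that the sweep can be scripted and handed to someone else without handing them the passwords. A hit is a finding to fix (move the secret into the password store and rotate it), not something to silence.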
Nice article and nice reminder for us all. I use PWSafe currently (Sourceforge) – but am going to check KeePass out as well.
Nice question, to remember this sensitive part of the IT professionals!
An important point well made.
As data professionals it's just not practical for us to maintain the sheer volume of credentials we work with in our huge brains. That's not a valid reason to start storing them all together in an Excel document somewhere on the network either. Seriously, I know of shops where this was done.
Using a suitable password store or key management tool as you have suggested is an essential habit for a data professional in my opinion. PasswordSafe is another good option.
Good option as well.