It is important to keep track of all the system administrator accounts and passwords, as well as any application accounts requested by developers or end users.
Another important aspect of security is making sure that passwords are strong enough to meet your company's audit requirements. Why even use a password if it can be easily hacked?
Today, I want to review how the Password Safe utility, which is an open source project, can fulfill these requirements.
I was required to do a book report every three weeks on any book of my choosing in Middle School English class. This is when I discovered J.R.R. Tolkien's fantasy series of books.
“One Ring to rule them all, One Ring to find them, One Ring to bring them all and in the darkness bind them.” – Fellowship of the Ring
This quote from the book neatly explains the purpose of the password safe: a single password-encrypted file repository that contains all the keys (accounts & passwords) for a particular business purpose. For instance, we could have three safes with passwords for databases in development, quality assurance and production.
I am assuming that you downloaded and installed the Password Safe utility. Our first task is to select a location to place a brand new database.
Our second task is to give the new password safe database (file) a strong password. To make sure I do not forget the password, I took a screen shot of a text document showing the password.
One very cool feature of this utility is the ability to generate random passwords. Be that as it may, the default pattern for generating passwords does not adhere to the SQL Server 2012 standards.
Choose the manage main menu and passwords sub-menu to change this pattern. The screen shot below shows the removal of punctuation from the pattern and the increase of total length to 24 characters.
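A generator for the policy described above (24 characters, punctuation removed), as an added example that is not part of the original post and not Password Safe's own code. The rule that every password must contain at least one lowercase letter, one uppercase letter and one digit is an assumption, as are all function names.

```python
import math
import secrets
import string

# Policy taken from the text above: 24 characters, punctuation removed.
LENGTH = 24
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits

# Assumption (not stated on the page): require at least one character from
# each remaining class so the result passes typical complexity checks.
REQUIRED_CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits)


def meets_policy(password: str, length: int = LENGTH) -> bool:
    """Return True if the password has the right length, alphabet and classes."""
    if len(password) != length:
        return False
    if any(ch not in ALPHABET for ch in password):
        return False
    return all(any(ch in cls for ch in password) for cls in REQUIRED_CLASSES)


def generate_password(length: int = LENGTH) -> str:
    """Draw characters from the OS CSPRNG; reject candidates missing a class.

    Rejection sampling keeps the result uniform over all valid passwords,
    unlike forcing one character of each class into fixed positions.
    """
    if length < len(REQUIRED_CLASSES):
        raise ValueError("length too short to hold one character per class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate, length):
            return candidate


def entropy_bits(length: int = LENGTH, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on entropy for uniformly chosen characters."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password()
    # The password itself is deliberately not printed.
    print(f"generated {len(pw)} characters, policy ok: {meets_policy(pw)}")
    print(f"upper bound: {entropy_bits():.1f} bits")
```

Dropping punctuation shrinks the alphabet to 62 symbols, but at 24 characters the upper bound is still roughly 143 bits.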
Choose the manage edit menu and add entry sub-menu to start adding information to the safe.
I usually use the “server name” as the group, the “database name” as the title, and the “database user” as the username. Exceptions to this rule are accounts like [sa] that are placed under the fictitious [MSSQL] database. Using [SERVER] could be another good choice as long as you never ever use the name as a real database.
The screen shot below shows the [sa] account for [MSSQL] for the [LATG1292] server.
I repeated this task two more times to create entries for the [AUTOS_ADMIN] and [AUTOS_USERS] accounts.
Another great feature of this tool is the ability to place a copy of the password onto the clipboard without ever showing the password. This is very handy when a panicked colleague is asking you to change a password on the spot. Please see the screen shot below showing the saved accounts for the [LATG1292] server.
The cool features of this tool keep on coming! If you do not use the tool for a while, it will automatically log out of the program. You will be prompted for the safe combination to continue work at a later time.
A review of this utility would not be complete without a brief review of each of the main menu items.
The file menu item can be used to create, open, close, import, export, and synchronize password safe databases (files).
The edit menu item can be used to add, edit, and delete items and groups.
The view menu item can be used to change the look and feel of the utility.
Last but not least, the manage menu item can be used to back up and restore password databases. Also included on the sub-menu are change safe password, configure password policies, get random password, adjust program options, and reconfigure tool bar actions.
A short and sweet summary of this utility is that it adds value to the IT teams that need to keep track of the keys to the kingdom (Middle-earth for you Tolkien fanatics). Since the password safe uses Twofish encryption, you are guaranteed a secure file. Put this file on a secure hidden network share and you now have a tool that can be used by a whole team.
The best part of the Password Safe is its cost. FREE!