Re: Tracking Passwords or People with Passwords to Critical Systems
From: Jay KapLon (jaykaplon.org)
Date: Mon, 26 Jun 2023 03:45:40 -0700 (PDT)
On Jun 25, 2023, at 9:42 PM, Anna Amato <aamato216 [at] gmail.com> wrote:
> 
>  Dear Fellow Cohousers,
> 
> Takoma Village Co-housing is trying to find a way to track passwords or the
> people with passwords for critical systems.  These are increasingly complex
> with two factor authentication or very personal information, so reliant on
> single individuals.

(I’m answering in full here so there is a record in the list archives instead 
of just talking with you Ann. Happy to email directly with any more questions 
and post a summary to the list.)

At Eastern Village Cohousing, just up the road from you, we use a password 
manager and share the records with the people who have a need to know. We get 
around some of the issues you list by using a group email address for accounts 
and use an authenticator application for 2-factor (or multi-factor) needs 
instead of using a cellphone. (In a case where a cellphone is required and 
codes cannot be sent to the shared email group address, a Google Voice number 
could be set up to send the SMS text message to multiple people’s phones.)

For security questions we do not use private information but instead use a 
random word and record both the question and fake answer in the password 
manager record for the given service. So, for example, in the shared record’s 
notes: Security Question 1: “Who was your first grade teacher?” Answer 1: Wombat

One important thing is to have all the shared records created and shared from 
one person’s account and to make backups both from that person’s account and 
also by a second person who acts as a backup admin. (Sharing from one account 
makes sure passwords don’t disappear if someone else moves out.)

Using a shared group email address also allows you to do a password recovery to 
that email.

One point to consider is that any shared passwords are only as safe as the 
master password used by any of the people with whom the password is shared. 
Also, each password record should only be shared with the minimum number of 
people who have a need to know…but always at least 2 people and best is three.

-Jay
Eastern Village Cohousing
Tech Team
