From a simple KeePass database to enterprise credential management solutions—what’s your setup at work?
- Not today, Russia. 
- The method of champions. Post-it on the bottom of keyboard. - Bottom of keyboard? Are you out of space on your monitor to place additional Post-its with user credentials on them? /s - Boss, I need a third monitor, I’m out of space for post-its 
- Monitor bezel is for the less secure systems. Under the keyboard is for the secure stuff. - And the really secure systems are in the filing cabinet. 
 
- Got a thrift store keyboard. The pink sticky on the bottom said: - User: admin - Pass: password - I wish I was joking. Someone out there was dumb enough to need a reminder on that one. 
- I would need a small book hidden under my keyboard. My work password safe has approximately 100 entries. 
 
- more dev than sysop, but: bitwarden 
- I write it in plaintext then email it to myself. For my email password, I write that down on a sticky note next to my monitor with my webcam pointing towards it with Skype and Zoom always running so I can look at it when I’m not at home. I always make sure to turn 2FA off as well, since that gets annoying and isn’t very convenient. - I might choose to mirror the webcam stream to a public RTMP stream later, but not sure yet, since I think that might open up some security holes. - This is exactly the kind of innovation I was looking for. 
- Also, if you use a really easy to remember password… I like P@ssw0rd! Easy to remember, and nobody will ever guess it because, get this… The ‘o’ is actually a zero! - Your password shows up to me as ************ 
 
- We use Netwrix Password Secure at work. They just announced this week they have found an RCE vulnerability in their software… 
- Bitwarden, 1Password, whatever floats your boat, just not LastPass. - For SHTF stuff, GPG. 
- We use PasswordState at work and KeePassXC for personal passwords. 
- correct horse battery staple - Always a relevant xkcd 
 
- We use ITGlue because it lets us tie password records to documentation which makes finding things very streamlined. - Personally, I use Bitwarden 
- Bitwarden/KeePass for MFA (not SMS or email) protected accounts. Pen and paper stored in a fire proof vault for non-MFA and break glass accounts. 
- As an admin for a Linux server, I want to institute an SSH public key expiration policy for all the users and enforce non-reuse of old keys. Does anyone have a best solution for this? - Sounds like certificates to me, but I don’t know of any such solution - Edit: I found out that OpenSSH allows logon with a certificate. This guide shows how to set up a public key that expires after 52 weeks. 
- How do you do your pubkey deployments? If you use Ansible, it should be simple enough. 
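Added example (not from anyone in the thread): the expiry the commenter is after lives inside the OpenSSH certificate itself, in the `valid_after`/`valid_before` fields that the CA sets when it signs the user's key (for example `ssh-keygen -s ca_key -I alice -n alice -V +52w id_ed25519.pub`), and `sshd` refuses the certificate outside that window without any change to `authorized_keys`. The script below parses the certificate wire format to read that window, so an admin can audit which issued certificates are expired or about to expire. `build_sample_cert` constructs an unsigned dummy certificate purely so the example runs offline; `parse_cert` works on a real `*-cert.pub` line as well. The key id, principals and timestamps are made-up values.

```python
"""Audit the validity window of OpenSSH user certificates (added example)."""
import base64
import struct
import time

# --- SSH wire-format helpers (RFC 4251 string / uint32 / uint64) ---
def _str(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b

def _u32(n: int) -> bytes:
    return struct.pack(">I", n)

def _u64(n: int) -> bytes:
    return struct.pack(">Q", n)

class _Reader:
    """Sequential reader over a decoded certificate blob."""
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def string(self) -> bytes:
        (n,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        s = self.data[self.pos:self.pos + n]
        self.pos += n
        return s

    def u32(self) -> int:
        (n,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return n

    def u64(self) -> int:
        (n,) = struct.unpack_from(">Q", self.data, self.pos)
        self.pos += 8
        return n

def build_sample_cert(key_id: str, principals: list, valid_after: int,
                      valid_before: int) -> str:
    """Construct an UNSIGNED ssh-ed25519 user certificate line (dummy key bytes).
    This is only a sample for the parser; a real certificate is produced by
    `ssh-keygen -s` and carries a genuine CA signature."""
    cert_type = b"ssh-ed25519-cert-v01@openssh.com"
    body = (
        _str(cert_type)
        + _str(b"\x00" * 32)                                  # nonce
        + _str(b"\x11" * 32)                                  # user public key (dummy)
        + _u64(1)                                             # serial
        + _u32(1)                                             # type 1 = user certificate
        + _str(key_id.encode())
        + _str(b"".join(_str(p.encode()) for p in principals))
        + _u64(valid_after)
        + _u64(valid_before)
        + _str(b"")                                           # critical options
        + _str(b"")                                           # extensions
        + _str(b"")                                           # reserved
        + _str(_str(b"ssh-ed25519") + _str(b"\x22" * 32))     # CA public key (dummy)
        + _str(_str(b"ssh-ed25519") + _str(b"\x33" * 64))     # signature (dummy)
    )
    return f"{cert_type.decode()} {base64.b64encode(body).decode()} {key_id}"

def parse_cert(line: str) -> dict:
    """Extract key id, principals and validity window from a certificate line."""
    fields = line.split()
    r = _Reader(base64.b64decode(fields[1]))
    cert_type = r.string().decode()
    if not cert_type.endswith("-cert-v01@openssh.com"):
        raise ValueError(f"not an OpenSSH certificate: {cert_type}")
    r.string()                                   # nonce
    # The embedded public key has a type-specific layout.
    if cert_type.startswith("ssh-ed25519"):
        r.string()                               # pk
    elif cert_type.startswith("ssh-rsa"):
        r.string(); r.string()                   # e, n
    elif cert_type.startswith("ecdsa-sha2-"):
        r.string(); r.string()                   # curve, point
    else:
        raise ValueError(f"unsupported key type: {cert_type}")
    serial, ctype = r.u64(), r.u32()
    key_id = r.string().decode()
    blob = r.string()
    pr, principals = _Reader(blob), []
    while pr.pos < len(blob):
        principals.append(pr.string().decode())
    return {"serial": serial, "type": "user" if ctype == 1 else "host",
            "key_id": key_id, "principals": principals,
            "valid_after": r.u64(), "valid_before": r.u64()}

def check_cert(line: str, now: float = None, warn_within: int = 7 * 86400):
    """Classify a certificate against the current time (sshd applies the same window)."""
    info = parse_cert(line)
    now = time.time() if now is None else now
    if now < info["valid_after"]:
        status = "not-yet-valid"
    elif now >= info["valid_before"]:
        status = "expired"
    elif info["valid_before"] - now <= warn_within:
        status = "expiring-soon"
    else:
        status = "valid"
    return status, info

if __name__ == "__main__":
    # Constructed sample: issued with a 52-week window, as in the guide mentioned above.
    start = 1_700_000_000
    sample = build_sample_cert("alice", ["alice", "deploy"], start, start + 52 * 7 * 86400)
    status, info = check_cert(sample)
    print(status, info["key_id"], info["principals"],
          time.strftime("%Y-%m-%d", time.gmtime(info["valid_before"])))
```

Running it against real files (`for f in /home/*/.ssh/*-cert.pub`) gives an inventory of who holds a certificate that is about to lapse; `ssh-keygen -L -f <cert>` prints the same fields for a single certificate if you only need a spot check. Non-reuse of old keys follows from the same design: once the CA stops signing a key, the key is useless on its own, and a `RevokedKeys` list on the server covers certificates that must die before their `valid_before`.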
 
- Keepass - Keepass x2 
 
- At work I keep them in OneNote (they are encoded) because they won’t let us install an actual password manager and half the shit I log into doesn’t support SSO/doesn’t have it set up and is all on different password schemes. Our service account passwords are in a shared CyberArk vault. 
- Scribbled on the whiteboard in the office. - jk - I would never scribble my password on a whiteboard. It’s important to write in large clear letters so I can read it from across the lab. 