× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. February 2005

RE: Passwords

Where is that locked cabinet?  If it's located in the same facility as
the system, it might not do any good in a DR situation if the building
is inaccessible.  

If you use an off-site storage vendor like Iron Mountain or Recall (more
for document storage than media storage), store the envelope with them.
That way, retrieving the password takes effort (and possibly cost) and
an audit trail of who requested the envelope will be generated.  Have
the envelope 'expire' as often as the password changes.


John A. Jones, CISSP
Americas Information Security Officer
Jones Lang LaSalle, Inc.
V: +1-630-455-2787  F: +1-312-601-1782
john.jones@xxxxxxxxxx

-----Original Message-----
From: Dave Snyder [mailto:Dsnyder@xxxxxxxxxx] 
Sent: Thursday, February 24, 2005 8:10 AM
To: midrange-l@xxxxxxxxxxxx
Subject: Passwords

We are reviewing our policy for maintaining "high-power" user passwords
in a secure location, like for QSECOFR. Right now we maintain the
password in a locked cabinet in an envelope that we replace each time
the password changes. If the seal was broken we know the password was
compromised. Does anyone have other ideas on how to maintain passwords
of users that have great authority, especially for disaster recovery
purposes, and also an easy way to change them periodically?

Dave



This email is for the use of the intended recipient(s) only.  If you have 
received this email in error, please notify the sender immediately and then 
delete it.  If you are not the intended recipient, you must not keep, use, 
disclose, copy or distribute this email without the author's prior permission.  
We have taken precautions to minimize the risk of transmitting software 
viruses, but we advise you to carry out your own virus checks on any attachment 
to this message.  We cannot accept liability for any loss or damage caused by 
software viruses.  The information contained in this communication may be 
confidential and may be subject to the attorney-client privilege. If you are 
the intended recipient and you do not wish to receive similar electronic 
messages from us in future then please respond to the sender to this effect.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.