
Keeping project passwords safe

Posted by Jan-Hendrik Kuperus at 14:31 on Wednesday 6 May

In many projects, if not all, passwords are used, whether for a shared repository or for a test account on an application. To make life easy for developers, testers and other team members, these passwords are often kept simple. That might be acceptable in a development environment, but if you have to maintain a production environment you want strong passwords, preferably ones that are hard to remember.

So how do you keep track of these passwords safely then? You use a ‘password safe’.

Fancy utilities

One such utility is aptly named Password Safe[1]. Simply put, it is a big container for all your passwords. It creates a database which is secured by a master password and encrypted with the Twofish encryption algorithm. It is a free and open source application which was developed under the supervision of Bruce Schneier[2].

At first this may sound like a silver bullet, but to be used effectively in a work environment, it requires a little planning. For example, it might seem logical to give every team member a copy of the project password database. But what happens if one of the passwords is changed? Do you notify all your (former) team members to update their password database? That not only sounds tedious, it is also error-prone. People may be stuck with old passwords, or may have entered the new password incorrectly.

Password Safe Infrastructure

In order to effectively use these tools, you should create one database for a project and store it in version control. This makes sure your project store is in a central location where each future, former and current team member can find it. It also makes sure everyone has access to the most recent version with the most recent passwords.

Make sure the master password on the project database is sufficiently strong to prevent a leaked database from being compromised. Do not be afraid to use a password of 20 or more characters; you will not need to remember it. Why? Well, you use a private password database to keep track of all the master passwords of the project databases. This is feasible since the project master passwords do not have to be changed periodically if you use a strong enough password.

All you need to do is protect your private password safe with a strong password you can remember. After you unlock your private database, you have access to all passwords of the project databases you can work with. If someone has changed a password in a project database, simply update it from version control and you too have the new password.

[Figure: Password Safe Infrastructure]

There is, however, one downside to the Password Safe utility: it currently only runs on Windows. Luckily, there are other tools[3] which accomplish the same goal and are cross-platform.

If you are struggling with passwords at work, or at home for that matter, I suggest you check out one of these utilities and give it a go. Such a utility can also generate passwords for you if you run out of inspiration for strong passwords.

–JH


© 2020 Java Competence Network. All Rights Reserved.