Hacker News new | past | comments | ask | show | jobs | submit login
What to do about shared passwords?
1 point by andre on Oct 8, 2010 | hide | past | favorite | 1 comment
how do you handle usernames/passwords/api keys across a department/company?

I'm talking about passwords that many people need access to, such as vendors/partners that give you only one u/p for entire company. or server login infos.

do you put in a text file on a network? intranet?who's in charge of them? custom database? some program that I'm not aware of?




One thing I've done before is create a truecrypt volume that a privileged few folks have the passphrase to unlock. Inside the truecrypt volume, we had a text file with username/passwords and other notes. Additionally, we had folders within the volume that kept our company's SSL certificates and other critical security secrets.

That only works in when the secrets need to be shared among a very few people. When more people are involved it gets very very difficult to segment out who has access to what.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: