Thursday, August 28, 2008

Password retention and storage

I got an email from a reader yesterday asking about how I generated and stored my passwords securely. The reader was interested in what methods were available to sysadmins for managing diverse passwords for different machines and devices.

I had to laugh at my password generation scheme (run 'fortune' a couple of times, pick some random words and throw a random character between them), and my password storage is nothing to brag about either.

What methods do you use in your infrastructure to generate / store passwords?