Yesterday, I was fed up with my password mess. I had too many passwords, and despite my “method,” I was losing track of them all. I decided to work on upgrading my method. I started out looking for a replacement “password vault.”

Here are my requirements:

1. is highly secure, using accepted standards (i.e. - PKI, DES, etc)
2. works on/across multiple platforms (PC, Mac, Linux, BlackBerry)
3. synchronizes across multiple instances/platforms (as automatically as possible)
4. easy to access/use (i.e. - retrieve and use a credential, without too many hoops)

KeePass meets all those criteria, but the interface isn’t great.

I asked some friends and posted to a newslist. Answers came back including:

• KeePass
• vim -x
• Other encrypted text files (ex. Word doc, plus external encryption)
• Use a regular thumb drive with TrueCrypt
• Use a secure/encrypted thumb drive, like the Ironkey

This got me thinking along related lines.

Personal Meta-Directories

1. We all have these. Outlook, Notes, Thunderbird all have our email address books. We have our cell phone address book. We probably have a paper address book for holiday cards. Your spouse, children, boss and peers also have theirs.

2. Why don’t we keep our “Passwords” in the Address Book? Obviously because it’s not secure. Passwords should be expanded to include any required credentials (certificates, tokens, keys, etc.). But companies keep our credentials in corporate directories. Why shouldn’t individuals keep theirs in their own personal directory?

3. The KeePass is a file store with some directory-like characteristics. But it’s no real metadirectory. The address books I have are not real directories either. And in any case, many meta-directories have poor security.

But, wouldn’t it be nice to have a metadirectory with all your access credentials, as well as all your contact data? This is essentially all the data necessary to set up and negotiate the various types of communication channels you personally need and use.

What do you use?

We at LiveBolt would like to know what YOU, the reader, use for securing your “bits.”

We’ll select a user at random on July 1st from the comments below and send them a new IronKey Personal, 1GB Secure (not to mention waterproof) USB Flash Drive, by IronKey. (To the winner: we just ask that you write back and let us know what you think of it!)

To enter the contest, just reply with a comment to this post (before noon CDT on 7/1) and include your answers to the following questions:

1) How do you manage your passwords?

2) What software/hardware/methods do you use?

3) What would be your idea of a killer-app for personal “attribute” management?

Comments will be locked at noon CDT on 7/1 so we can pick a winner. Make sure to include your email address in your comment so we can contact you if you’re a winner. Good luck!!!

Edit: 1 entry per email address and/or IP address, duplicate entries will be disqualified.

Filed under: General, Legal, Privacy, Security, encryption | 9 Comments »

I hesitated posting this entry since it seems more personal than business related. The “softer” side, if you will.

Tim Russert, who grew up 3 blocks from my father, moderator of NBC’s “Meet The Press” has passed on much too early. This is truly a tragic loss — to Buffalo, to politics, to family & friends. The odd thing about today’s electronic/media/technological-age is that our DVR has Russert’s (unknowingly) last episode, and the following tribute episode with Tom Brokaw.

It can be easy to forget that behind the bits and bytes of technology, there are real human beings. Either an audit log, or a digital video recording — many of these moments are actions by people. It caused me to interrupt the scheduled delete/rotation and instead, those two episodes are tagged, “save until I delete.”

A former mentor and boss passed away at a much too young age, just a few years back, similarly sudden and tragic. At work, his technology accounts were immediately deleted and in some cases, suspended. Many at work called this step callous and insensitive. But the sad truth is there are elements out there ready, and willing to take advantage. And in Identity Management, we are sometimes on the front lines of technology response when there’s a human tragedy. It’s not callous — it’s about security.

I can only say that when we work with bulk files, HR data feeds, ACLs and workflows we take just a moment to remember — it’s not just line numbers or data elements — its human beings.

Filed under: Provisioning, Security | No Comments »

Consumer electronics: the next market for Identity and Access Management software?  We just took a giant leap towards that reality with the availability of an “Internet connectivity kit” for the Jura F90 coffee maker.

We take an even larger step towards needing IdM at home when said “Internet connectivity kit” doesn’t require a username or password for remote logins.  Nor does it perform input validation when changing factory parameters.  We even have Bugtraq and Security Focus vuln posts.

Read more »

Filed under: Security | No Comments »

Airlines are still putting themselves out of business.

Last week, I flew to Chicago for a meeting. My wife also had a meeting in Chicago at the same time, so we flew together. My meeting went fine. Hers did not. Why? Because the speaker for the breakfast she was hosting (250 people registered) didn’t arrive. Weather was the stated issue. The speaker’s flight was cancelled, and 8 hours of waiting at the airport couldn’t get her a seat on a new plane. The flights were all too full. Essentially, there is no slack in the airline system, so “slack” shifts to the edges, to the passengers. Read more »

Filed under: General, Uncategorized | No Comments »

Security is making people NOT fly.

I’m getting old and crotchety. Apparently I’m not alone. CNN reports that 100,000 people a day are choosing NOT to fly, because of the “inconvenience” involved. That’s 41 million flights a year. ( http://www.cnn.com/2008/TRAVEL/05/30/airtravel.decline.ap/index.html )

We all started flying, commercially, 70 years ago because it was “convenient”; expensive, but convenient. Safety was poor, but convenient was more important. Over time, due in large part to the FAA, safety improved. It actually improved to the point that flying is now the safest method of travel available on the planet.

For at least some of us (some 100,000 people a day) driving has now become more convenient than flying — even though it is frequently slower (for trips over 4 hours), it is more work (you have to drive yourself), more dangerous, and potentially more expensive. For at least some of us, there is now TOO MUCH security. I’m a “security guy” and for me Air Travel now has too much of a good thing. Read more »

Filed under: Security | No Comments »