patterns and practices – Sysadmin password storing

I use KeePass to store sensitive information, and have some password databases that are shared with colleagues. It is free and open source, approved by security people at my work, and can be run without installation (which means that we can have not only the password database but also the actual application on our server – no need for new colleagues to install new software just to get access to passwords).

I/we use a master password, which of course is sensitive information. KeePass can also be used with a key file (which then should be stored separately).

One of the advantages of this approach is that password databases can be passed on to someone else, both as in “share with yet another person” and “I leave this to you”.

Having a backup of the password database will be important, since you will lose all your passwords if the database is lost. For my personal stuff I have a backup using Dropbox. At work we have an internal backup running. (Dropbox is not my favourite, since it gives access to US authorities, but I consider my passwords to be safe since they are encrypted in a strong way.)

EDIT: There are plugins to KeePass that allow auto-pasting passwords in web browsers. I don’t use these, since the idea of having another application automatically read my passwords seems … bad. I find some other applications (such as Strongbox on iPhone) highly useful.