Comments on: How to choose a root password that you’ll remember http://www.build-doctor.com/2009/03/31/how-to-choose-a-root-password-that-youll-remember/ Continuous Integration, Delivery and Devops Consulting Thu, 02 Feb 2012 22:31:14 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Steve Robbhttp://www.build-doctor.com/2009/03/31/how-to-choose-a-root-password-that-youll-remember/comment-page-1/#comment-1395 Steve Robb Wed, 29 Jun 2011 17:56:07 +0000 http://www.build-doctor.com/2009/03/31/how-to-choose-a-root-password-that-youll-remember#comment-1395 My team has been using Secret Server for a while now. It is designed for sysadmin teams - basically a web-based password vault with permissions, etc but can also test and actually change passwords for you. http://www.thycotic.com We have it randomizing our root passwords on a schedule. We also dabbled with the checkout where it changes the root password 30 minutes after you use it. My team has been using Secret Server for a while now.

It is designed for sysadmin teams – basically a web-based password vault with permissions, etc but can also test and actually change passwords for you.
http://www.thycotic.com

We have it randomizing our root passwords on a schedule. We also dabbled with the checkout where it changes the root password 30 minutes after you use it.

]]> By: simpsonjulianhttp://www.build-doctor.com/2009/03/31/how-to-choose-a-root-password-that-youll-remember/comment-page-1/#comment-307 simpsonjulian Fri, 03 Apr 2009 10:23:54 +0000 http://www.build-doctor.com/2009/03/31/how-to-choose-a-root-password-that-youll-remember#comment-307 @ken - I did penance and wrote a new post. @jtf - fair point - although it does remind me of the passwords that compuserve would hand out with their free floppy disks in the 90s. Maybe I was the only one to actually use those ... @ken – I did penance and wrote a new post.
@jtf – fair point – although it does remind me of the passwords that compuserve would hand out with their free floppy disks in the 90s. Maybe I was the only one to actually use those …

]]> By: Don’t be disco, use sudo | The Build Doctorhttp://www.build-doctor.com/2009/03/31/how-to-choose-a-root-password-that-youll-remember/comment-page-1/#comment-305 Don’t be disco, use sudo | The Build Doctor Thu, 02 Apr 2009 22:25:31 +0000 http://www.build-doctor.com/2009/03/31/how-to-choose-a-root-password-that-youll-remember#comment-305 [...] comment from Ken Mayer on my post about root passwords: No one should ever use “root” for anything except single-user mode emergencies and initial [...] [...] comment from Ken Mayer on my post about root passwords: No one should ever use “root” for anything except single-user mode emergencies and initial [...]

]]> By: Ken Mayerhttp://www.build-doctor.com/2009/03/31/how-to-choose-a-root-password-that-youll-remember/comment-page-1/#comment-304 Ken Mayer Thu, 02 Apr 2009 11:29:29 +0000 http://www.build-doctor.com/2009/03/31/how-to-choose-a-root-password-that-youll-remember#comment-304 I respectfully disagree with the premise. No one should ever use "root" for <em>anything</em> except single-user mode emergencies and initial configuration. Make it a long string of random characters and store it in a safe or encrypted on a secure hard drive. Make it unique for every box. Then forget about it. Use sudo instead. Leaving sudo's arcane configuration syntax aside for the moment, using sudo means every action is logged with a real person's name and a time stamp. Another good reason: you don't have to change the root password if someone quits or is fired. Use a password vault (like 1Password for the Mac -- there are many others). Make every single password unique, long and as random as possible. Then make your <em>master</em> password <strong>really</strong> hard to guess, but easy to remember (the first letter of each word from a long sentence, FIPS standards, two random words glued together by a figure or gliph, the suggestions here). And just in case you're run down by the Budweiser Beer Wagon one day, write it down and put it in a locked safe -- to be opened when you are beyond caring. I respectfully disagree with the premise.

No one should ever use “root” for anything except single-user mode emergencies and initial configuration. Make it a long string of random characters and store it in a safe or encrypted on a secure hard drive. Make it unique for every box. Then forget about it.

Use sudo instead. Leaving sudo’s arcane configuration syntax aside for the moment, using sudo means every action is logged with a real person’s name and a time stamp. Another good reason: you don’t have to change the root password if someone quits or is fired.

Use a password vault (like 1Password for the Mac — there are many others). Make every single password unique, long and as random as possible. Then make your master password really hard to guess, but easy to remember (the first letter of each word from a long sentence, FIPS standards, two random words glued together by a figure or gliph, the suggestions here). And just in case you’re run down by the Budweiser Beer Wagon one day, write it down and put it in a locked safe — to be opened when you are beyond caring.

]]> By: Jeffrey Fredrickhttp://www.build-doctor.com/2009/03/31/how-to-choose-a-root-password-that-youll-remember/comment-page-1/#comment-306 Jeffrey Fredrick Thu, 02 Apr 2009 07:26:53 +0000 http://www.build-doctor.com/2009/03/31/how-to-choose-a-root-password-that-youll-remember#comment-306 That seems a bit retro, like you've got a limited number of characters for your password. Why not "<code>PeetsCoffeeTea1!</code>"? That seems a bit retro, like you’ve got a limited number of characters for your password. Why not “PeetsCoffeeTea1!“?

]]>