How do I sync passwords with fellow sysadmin?

I am working in a place, where we are two superusers, and several servers, and other things that needs passwords. We share workrelated passwords 100%. -but we would like to safely be able to sync passwords. How can that be done?

The mSecure app on iPhone can sync to dropbox, but we do not wish to sync our private passwords.

Update: The passwords are from linux servers and web login and user passwords and many other things. They are not in any specific format. - all are shorter than 14 characters.

hpekristiansen

Posted 2013-01-22T12:55:28.177

Reputation: 209

1You are referring to Linux or UNIX I assume? Can you update your tags if that is relevant. Do you want to include system passwords or could you limit it to browser (web/intranet) passwords? – Julian Knight – 2013-01-22T13:12:00.643

1create a common lastpass account? – Sathyajith Bhat – 2013-01-22T14:02:57.180

@Julian Knight: I am not referring to any specific system. -see update. – hpekristiansen – 2013-01-22T14:46:38.673

@Sathya: That is a possibility - I will look into it. Is it free? can it sync to devices as iPhones or computers? Maybe you could post an answer? – hpekristiansen – 2013-01-22T14:48:27.733

2Arg. Bad enough you're sharing passwords at all (you should each have your own set of accounts, so if anything goes wrong the logs will show who is responsible), but sysadmin passwords should be, above all else, LONG. shorter than 14 characters == sad face – Joel Coehoorn – 2013-01-22T15:25:39.330

Answers

If you're willing to store your passwords encrypted-but-publicly-available manner, it's trivial:

Obtain a password manager such as KeePass, Lastpass, Password Safe, or a number of other options.
Create a password database containing your common passwords. (Naturally you would follow standard procedures to create a master password for the database, as the database is encrypted with a key derived from the master password.)
Store the encrypted database in a location commonly accessible to both of you. Dropbox is fine, since the database is encrypted, but other cloud services work too.
Both of you share the master password to the database.

Do note that this does NOT provide security against one of you changing the database master password. Given that you're looking to share passwords this way, it shouldn't be an issue, since that level of trust is there already, but BE AWARE.

I personally use KeePass, but any of the major password managers available are fine. I know that KeePass has an iDevice app with Dropbox support, and it's likely that others do as well. (Password Safe does not.)

EDIT: There is related discussion at IT Security.

Jonathan Garber

Posted 2013-01-22T12:55:28.177

Reputation: 623

What you desire seems to be a perfect fit for what LastPass offers - you create a common account & have it store all your passwords. The passwords themselves are encrypted & stored, and can be unlocked by using the master password.

Apart from website passwords, you can also have it store serial numbers and the like

enter image description here

Though LastPass is free to use if you stick to the Web UI/ Browser extensions, they have mobile appls which require a premium account(and tbh. it's not too expensive)

Sathyajith Bhat

Posted 2013-01-22T12:55:28.177

Reputation: 58 436

You can create an online document and make it available to only the two of you (google docs or any other and you have access to that file from any device)

Remus Rigo

Posted 2013-01-22T12:55:28.177

Reputation: 2 623