IT Documentation - The Blog

How to Document Your Passwords Safely

July 16, 2014

As mentioned in an earlier post, Docusnap includes a feature that allows you to save your passwords. This considerably improves IT security at your company. If passwords are saved in insecure documents, e.g. in Microsoft Word, Excel, or a simple text editor, there is no protection against unauthorized persons accessing, copying, deleting, or modifying them. So quickly make sure that this security gap disappears once and for all.

Collecting passwords from all isolated documents

Gather your passwords and enter them into the Docusnap database. Assign the passwords to the inventoried devices, or, even better, to the corresponding services. This, however, assumes that you already have a service catalogue and that the required service groups have thus already been defined. If this is too tedious at the moment, you can leave it for a second pass. The main thing is that you document your passwords properly and verify them at the same time. Assignments can be defined later.

If you have enabled the password container feature in the basic Docusnap setup, you can enter user names and passwords. These can be assigned to a single asset, to system groups, or to the created companies themselves. Find the way that suits you best and always store the passwords in a consistent manner, i.e. at the same locations. If you assigned one of the passwords incorrectly, this is no problem. In Docusnap, all passwords, regardless of their assignments, are displayed in a global password overview under “Organization”.

Once the password feature is enabled, Docusnap creates an encryption file (*.dcr). Save this file on the file server in the folder you created for your Docusnap documents. Create a separate subfolder only for this file and disable permission inheritance for this folder, i.e. assign the access rights to this folder independently of any other access rights. This way, you can control in a more granular fashion who will have access to the stored passwords. When you proceed in this way, you can assign the task of entering license information to a trainee or to a temp and give them general access to the documentation. However, these persons should of course not have access to the passwords themselves.
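The folder permissions described above, as an added PowerShell example that is not part of the original post or of Docusnap itself. The share path and group names are hypothetical placeholders; the script sets an explicit ACL on the subfolder and then checks that inheritance is off and no other principal has access.

```powershell
# Assumed values (not from the original post): replace with your own.
$KeyFolder = '\\fileserver\Docusnap\Encryption'      # hypothetical subfolder holding the *.dcr file
$Allowed   = @('BUILTIN\Administrators',
               'CONTOSO\Docusnap-PasswordAdmins')    # hypothetical groups allowed to use passwords

function Set-KeyFolderAcl {
    param([string]$Path, [string[]]$Principals)
    $acl = Get-Acl -LiteralPath $Path
    # $true  = protect the ACL from inheritance
    # $false = do not keep copies of the previously inherited entries
    $acl.SetAccessRuleProtection($true, $false)
    # Drop explicit entries that were already on the folder
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    # Grant access only to the listed principals; the *.dcr file inherits from this folder
    foreach ($p in $Principals) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $p, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Test-KeyFolderAcl {
    param([string]$Path, [string[]]$Principals)
    $findings = @()
    # Check the folder and everything in it (the *.dcr file in particular)
    $items = @(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path -Recurse)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        if ($item.FullName -eq (Get-Item -LiteralPath $Path).FullName -and
            -not $acl.AreAccessRulesProtected) {
            $findings += "$($item.FullName): inheritance is still enabled"
        }
        foreach ($rule in $acl.Access) {
            if ($rule.IdentityReference.Value -notin $Principals) {
                $findings += "$($item.FullName): unexpected entry " +
                             "$($rule.IdentityReference.Value) ($($rule.FileSystemRights))"
            }
        }
    }
    return $findings
}

Set-KeyFolderAcl -Path $KeyFolder -Principals $Allowed
$result = Test-KeyFolderAcl -Path $KeyFolder -Principals $Allowed
if ($result) { $result } else { 'Key folder ACL matches the allow list.' }
```

Run it from an elevated session with an account that is itself in one of the allowed groups, and re-run `Test-KeyFolderAcl` periodically to detect permissions that have drifted.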

The only password that you will have to document outside Docusnap is the login password for the Docusnap database. Of course, you will save these credentials in the Docusnap database as well. If Docusnap is used by more than one person, it makes sense to also save this data in another location. Maybe on a USB device along with the encryption file? You could keep it in a safe place, such as an office safe or a bank deposit box. In case the SQL credentials should get lost, this is not a big issue. The login can be re-created at any time. Ask your database admin for help.

For each entry, you can enter additional information, if required. This makes the system very flexible and avoids documenting the passwords in another place. A very useful feature prevents the password in a displayed record from being shown as plain text, avoiding a security gap if someone stands behind you when you access the data. A small button allows you to display the password directly on your monitor; using a second button, you can copy the password to the clipboard of your computer.

With these features, your IT documentation will contribute actively to general IT security.

For detailed instructions on how to create passwords in Docusnap, refer to the Docusnap User Manual.