Challenge 14 ☆☆☆☆

Welcome to Challenge 14.

Password Managers

When we showed this project to my friend Kees, he asked us: hey isn’t that the same as having a very weak password on your password manager? Because that’s what my colleague did.

So here it is: the password manager challenge! We have set up a KeePass file in the Docker container that holds secret credentials for Alibaba Cloud. Can you get it?

💡 Tip: Secrets are often strings, numbers, or encoded values. Copy and paste exactly what you find.

Why you need to be careful with passwords to other secrets

Whether you have a password for an enterprise secrets management system or a password manager: your authentication factors make the difference between a breached system and a secure system.

So in simple terms, when you authenticate to your password manager directly:

- have a strong password (e.g. a lengthy one!)
- use MFA if possible
- enable any sort of alerting when a new device and/or IP tries to touch it.

If you use SSO: make sure that the system to which you authenticate caters for the same controls: allow for lengthy, strong passwords, MFA, and proper security alerts when something suspicious is going on.
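
The alerting control above (a new device and/or IP touching the password manager), as an added example that is not part of the challenge or the project's own code. The JSON log format, field names and baseline are constructed assumptions.

```python
import json

# Constructed sample events in a hypothetical one-JSON-object-per-line format.
SAMPLE_EVENTS = """
{"ts": "2024-05-01T08:00:00Z", "user": "kees", "device": "laptop-01", "ip": "198.51.100.10", "ok": true}
{"ts": "2024-05-01T09:30:00Z", "user": "kees", "device": "phone-07", "ip": "198.51.100.10", "ok": true}
{"ts": "2024-05-02T02:14:00Z", "user": "kees", "device": "unknown-pc", "ip": "203.0.113.55", "ok": false}
{"ts": "2024-05-02T02:15:00Z", "user": "kees", "device": "unknown-pc", "ip": "203.0.113.55", "ok": false}
{"ts": "2024-05-02T10:00:00Z", "user": "kees", "device": "phone-07", "ip": "198.51.100.10", "ok": true}
"""

# Constructed baseline: devices and IPs already enrolled per user.
BASELINE = {"kees": {"devices": ["laptop-01"], "ips": ["198.51.100.10"]}}


def find_new_access(log_text, baseline):
    """Return one alert per event that uses a device or IP not yet trusted for the user."""
    trusted = {u: (set(b["devices"]), set(b["ips"])) for u, b in baseline.items()}
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        # Users without a baseline start with nothing trusted, so their first event alerts.
        devices, ips = trusted.setdefault(ev["user"], (set(), set()))
        reasons = []
        if ev["device"] not in devices:
            reasons.append("new device")
        if ev["ip"] not in ips:
            reasons.append("new ip")
        if reasons:
            alerts.append({"ts": ev["ts"], "user": ev["user"], "reasons": reasons, "ok": ev["ok"]})
        # Learn only from successful authentications, so failed guesses from an
        # unfamiliar machine keep alerting instead of becoming "known".
        if ev["ok"]:
            devices.add(ev["device"])
            ips.add(ev["ip"])
    return alerts


if __name__ == "__main__":
    for alert in find_new_access(SAMPLE_EVENTS, BASELINE):
        print(alert)
```

Repeated failed attempts from the same unfamiliar device and IP each raise an alert, which is the pattern to expect when someone is guessing a weak master password.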