Beta Man

Round and Round the Passwords Go

Lieberman Software's Roulette is an elegant and effective password-management tool.

Dealing with password administration is a pain in the neck. We all juggle a dozen or more passwords, most of which we have to change on a regular basis. Most of the time, we can choose a password that we can actually remember, as long as it meets certain restrictions. Other times, we'll have a password assigned to us that's often a random jumble of letters, numbers and special characters.

If it's hard on the users, imagine how hard it must be for help desk, application and network administrators. The help desk ends up spending a good part of its time diagnosing password issues and resetting forgotten or expired passwords.

Security is still compromised because users have so many passwords that they must resort to writing them down on a piece of paper and sticking them in their wallets. Or worse yet, they tape them to the desktop next to the computer keyboard, accessible to anyone passing by.

How many systems do those accounts access, and for what purpose? On a large network, it's easy to lose track of the privileges afforded any particular domain or admin account. You change a password on an account, and all of a sudden an obscure but important application doesn't work.

How about password length? We typically don't pay a lot of attention to how long our passwords are, but there are now hashes available that can break shorter passwords in minutes. The lack of standards for password length and composition is the world in which Lieberman Software Corp.'s Roulette plays.

Roulette randomizes passwords and updates an account's password everywhere the account is used across an entire enterprise network. It makes those passwords available through a Web portal so that users don't have to remember random password combinations. It also logs password check-outs and check-ins so that auditing is automatic.

Easy Setup

The software installs easily on a Windows 2003 Server. It requires a SQL Server or MSDE database connection to complete the configuration. I configured a connection to SQL Server, installed and started the accompanying Windows service, and launched the software. The first step is to load all of the servers with accounts into the software. You can add systems manually, from a domain list, from Active Directory or from an IP range, or you can browse for systems.

Then you'll set up the Web site. The Web site gives you a simple and convenient interface for checking out account passwords. Simply log in to the Web site and check out a password for a specific account. You can also request an amount of time required for the checkout. If you exceed that time limit, you either ask for an extension or the password is changed and you're locked out.

Roulette also propagates new passwords across the network. It searches out each of the systems it knows about, finds the specified accounts and performs tasks based on defined jobs. If you change a password once or have a regular change routine, Roulette will generate a new set of passwords and update all accounts. Lieberman Software told me they change their system passwords on a daily basis.

Roulette also reports on where you stand with accounts and passwords across the network. It lists all accounts and gives you a summary report. You can see when system accounts were last accessed and by whom. If an account has never been accessed, for example, you might want to check it out to see if it's even needed.

This version of Roulette is combined with the Lieberman Random Password Manager, which actually generates the passwords. Lieberman hasn't determined the version number yet, though the release itself is scheduled for the fourth quarter of 2007.

It's not a sexy application, or even a sexy problem, but you can get excited about how well Lieberman has thought through the problem and arrived at such an elegant solution. For sheer utility, you couldn't do what Roulette does manually. You could write scripts to accomplish some of these tasks, but they'd likely be incomplete and difficult to maintain. If password management across many servers is one of your management headaches, Roulette is the right aspirin.

About the Author

Peter Varhol is the executive editor, reviews of Redmond magazine and has more than 20 years of experience as a software developer, software product manager and technology writer. He has graduate degrees in computer science and mathematics, and has taught both subjects at the university level.

