Our newest biggest client’s IT department asked me if I had a suggestion how to deal with the following. If anyone has a suggestion let me know.
Below is the request they sent me:
A small number of people here need to be able to access sensitive information, in case of emergency. Need to be able to do this from a Smartphone but it can’t be stored on the smartphone. The sensitive information would be items like:
- Server admin logon’s and passwords
- Clients logon and passwords
- Clients emergency contact info
All this information could be in the form of simple PDF / Workbook or Word document.
Need a suggestion
Moderator: Moderators
- Iane_Blaidd
- Member
- Posts: 1788
- https://www.behance.net/kuchnie-warszawa
- Joined: Tue Oct 28, 2008 8:04 pm
- Location: Plano, Texas
Need a suggestion
Iane Blaidd
105 Druid of Tunare
“Why do I even dare to think I could dream I could imagine I could hope?”
― Dylan Moran
105 Druid of Tunare
“Why do I even dare to think I could dream I could imagine I could hope?”
― Dylan Moran
As people have mentioned, Local Storage on a smart phone should be considered a huge no.
Access to something secure via smartphone Internet would potentially be okay. One client I use utilizes LastPass which is a secure cloud storage mechanism for passwords.
The downside is that it does store an encrypted version of the password DB locally on your phone, but it does require a password to access. One thing to note however - it can use what's called "password sharing" in which you can share passwords with another person using LastPass, and you can share it in such a way that it doesn't allow them to view or copy the password but they can still use the password in the web browser embedded in LastPass.
There's really no reason to reinvent a wheel here. If they are okay with encrypted versions of the files on the phone, a simple password manager that requires some kind of password to log in to it and stores everything encrypted on disk should do the job. I still recommend against storing passwords on ANY mobile device with storage on it, even if it's encrypted. This includes laptops.
Access to something secure via smartphone Internet would potentially be okay. One client I use utilizes LastPass which is a secure cloud storage mechanism for passwords.
The downside is that it does store an encrypted version of the password DB locally on your phone, but it does require a password to access. One thing to note however - it can use what's called "password sharing" in which you can share passwords with another person using LastPass, and you can share it in such a way that it doesn't allow them to view or copy the password but they can still use the password in the web browser embedded in LastPass.
There's really no reason to reinvent a wheel here. If they are okay with encrypted versions of the files on the phone, a simple password manager that requires some kind of password to log in to it and stores everything encrypted on disk should do the job. I still recommend against storing passwords on ANY mobile device with storage on it, even if it's encrypted. This includes laptops.
- Iane_Blaidd
- Member
- Posts: 1788
- Joined: Tue Oct 28, 2008 8:04 pm
- Location: Plano, Texas
Thank you guys for your input
Alsmack i think your idea is best and i found a few other sites like the one you suggested so i am going to send them with yours as my top suggestion since i have zero exp with any of them....
if anyone else knows of a secure "sloud" site that can be accessed via a smartphone browser let me know
Alsmack i think your idea is best and i found a few other sites like the one you suggested so i am going to send them with yours as my top suggestion since i have zero exp with any of them....
if anyone else knows of a secure "sloud" site that can be accessed via a smartphone browser let me know
Last edited by Iane_Blaidd on Thu Dec 19, 2013 3:12 pm, edited 1 time in total.
Iane Blaidd
105 Druid of Tunare
“Why do I even dare to think I could dream I could imagine I could hope?”
― Dylan Moran
105 Druid of Tunare
“Why do I even dare to think I could dream I could imagine I could hope?”
― Dylan Moran
Do a server based Wiki.. All information would be stored on the wiki can be updated and changed as needed and permissions are required. You can make it HTTPS only to secure the connections and you can revoke access at any point. It can be done via phone or computer, remove or local.
If you need to actually store files a CMS like Sharepoint might be the way to go.
If you need to actually store files a CMS like Sharepoint might be the way to go.