To my understanding, password-protected spreadsheets are not best practice for storing admin creds, whether it’s a company of 5 people or a company of 50,000 people. In such a case, what are some best practices for storing admin account credentials?
My two cents: An obvious answer might be to encrypt the data and store it in a db. My response to that is: say there’s a data breach, the db is compromised, maybe the nefarious user(s) grab a copy of your db and delete the db, and now your admin creds are all gone and you cannot access any systems because you don’t know the admin credentials. Maybe storing it in the db is a good move to help ensure the data is encrypted and in one centralized location, but you’re still vulnerable if an attack is successful.
There’s two-factor authentication and storing the data with a third party, but does it make sense to store company-sensitive admin credentials with a third party?
So, I go back to password-protected files or spreadsheets. If only a limited number of people within an organization need to know the admin creds, does it make more sense to store them in a spreadsheet or file, password-protect it with AES 256-bit encryption using a very strong password (the longer the better), securely pass the file around to those who need it, and update the passwords on a frequent basis? The file would be stored on the local machine of each user who is privy to the information. And maybe break out the creds into several files, where each file has a different password to open it.
I’m very curious to hear what others in the community would recommend.