Official password policies

Discussions around the setup, operation, replacement, and disposal of clerk computers, not to include using MLS

Post by rbeede » Sun Feb 12, 2012 10:22 am

The ward clerk has asked that I obtain a list of all the Windows accounts and their passwords on the ward computer. (The stake set up the computer with multiple accounts, all admin, for use. I know that isn't the norm but that is how the stake wanted it).

I saw on the wiki some official MLS information about each person having their own username and password that they don't share. We won't record the passwords in that case.

What about official policy on not writing down the Windows password? The idea is to print off the list and store it in the clerk's office locked in a cabinet. Is there any official policy about not doing this? References please.

Post by aebrown » Sun Feb 12, 2012 11:57 am

rbeede wrote: The ward clerk has asked that I obtain a list of all the Windows accounts and their passwords on the ward computer. (The stake set up the computer with multiple accounts, all admin, for use. I know that isn't the norm but that is how the stake wanted it).


The stake controls the computer and thus the Windows accounts, and the ward doesn't really have any right to obtain all the Windows accounts and passwords. The ward clerk can ask, and if the STS chooses to share, I suppose he can, but he certainly doesn't have to. I am the STS in my stake, and I have an admin account on all the computers, and I personally would never share those account credentials with any ward clerk. The stake president has this information safely locked away (just in case I am for any reason unavailable and the passwords are needed).

rbeede wrote: I saw on the wiki some official MLS information about each person having their own username and password that they don't share. We won't record the passwords in that case.


That's correct regarding MLS passwords, as documented in the MLS users article.

rbeede wrote: What about official policy on not writing down the Windows password? The idea is to print off the list and store it in the clerk's office locked in a cabinet. Is there any official policy about not doing this? References please.


I don't know of a specific official policy on that topic, but standard security practices would certainly make one wary of storing a written password anywhere near the computer.

Post by rbeede » Sun Feb 12, 2012 3:19 pm

We really don't need the stake admin account information. He just wants all the logins for the local leaders (each organization has its own username). I'm guessing since there isn't any policy on having multiple accounts for Windows there isn't any official password policy for it either.

Post by aclawson » Sun Mar 11, 2012 10:14 am

What is the advantage of having multiple accounts? Since MLS required admin access to function properly, anybody who used the machine would have full admin rights and could therefore get into any of the other accounts whenever they wanted?

Confidential files should be encrypted and protected with a password individually. If you want to make things more secure and convenient than that, then a TrueCrypt (or similar) volume can be created that allows you to encrypt what is essentially a folder.

Post by russellhltn » Sun Mar 11, 2012 12:09 pm

aclawson wrote: What is the advantage of having multiple accounts?


In case someone does something dumb with the main account, there's a backup admin account for fixing it.

aclawson wrote: Confidential files should be encrypted and protected with a password individually.


According to policy, "The MLS database is stored on the computer’s hard drive. Other confidential files should not be stored on the hard drive. They should be saved on external media and locked in storage when not in use."

You can add encryption on top of that if you wish, but it's not required.

Post by rbeede » Sun Mar 11, 2012 4:54 pm

The other advantage is that non-confidential files like templates for documents and other things are separated for each user. That way the clerk's templates (like agenda forms) aren't cluttered in with the EQ or other users.

