I was recently called as STS, and on my first visit to the Stake Clerk's office, I noticed a list of zoom account passwords posted above the clerk computer, and a sticky note on the computer itself with the windows acct password. I've seen similar lists on the other clerk computers around the stake.
I know some of the users of these computers aren't the most tech literate, and I don't want to add additional hurdles for them, but easily visible password lists are a major security problem in my opinion.
Firstly, does the church provide or recommend any password management software? My work uses Keeper, and I think something like that, or another shared pw repository with per-user access controls, would work well for us.
Is there any church policy on password management that I could point my users towards as a justification for this change?
Recommendations for Password Management
-
mattvchandler
- New Member
- Posts: 5
- Joined: Sun Jan 02, 2011 3:38 pm
-
russellhltn
- Community Administrator
- Posts: 36342
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: Recommendations for Password Management
I have not seen any.
If it were me, if suggest the clerks move the password out of view to someplace more hidden from casual observation. Enlist the support of the stake clerk as needed.
If it were me, if suggest the clerks move the password out of view to someplace more hidden from casual observation. Enlist the support of the stake clerk as needed.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
BrianEdwards
- Senior Member
- Posts: 1549
- Joined: Sun Oct 30, 2016 10:42 pm
- Location: Michigan
Re: Recommendations for Password Management
Like many others, I've been in church buildings where the clerk's office remains open and unattended for long periods of time on Sundays, so I understand your concerns. Regarding zoom account passwords, my experience is that they are often shared via email with others, which is an inherently open-door policy for re-sharing without leader knowledge. There's nothing sensitive about a church Zoom account, although having random members accessing the Zoom account wouldn't be what's desired.
And I don't know what sensitive data is stored on a clerk's computer that does not require a leader login. GHB 33.9.1.2 "Shared Computers and Data Storage" indicates that simply logging onto a clerk's computer shouldn't provide access to unauthorized information.
I fully support better password privacy practices to protect church accounts, just thinking out loud about this specific scenario.
And I don't know what sensitive data is stored on a clerk's computer that does not require a leader login. GHB 33.9.1.2 "Shared Computers and Data Storage" indicates that simply logging onto a clerk's computer shouldn't provide access to unauthorized information.
I fully support better password privacy practices to protect church accounts, just thinking out loud about this specific scenario.
-
sbradshaw
- Community Moderators
- Posts: 6683
- Joined: Mon Sep 26, 2011 9:42 pm
- Location: Utah
Re: Recommendations for Password Management
At a minimum, I would request that the clerks move the passwords list to a drawer or file cabinet (preferably locked). They can be accessed when needed, without being visible to anyone who wanders by.
Samuel Bradshaw • If you desire to serve God, you are called to the work.
-
djatropine
- New Member
- Posts: 6
- Joined: Wed Nov 08, 2023 11:05 am
- Location: Northwest Mississippi
Re: Recommendations for Password Management
have you ever looked into a combination of tomb file encryption & keepassxc ?