nuxsmin / sysPass

Systems Password Manager
https://syspass.org
GNU General Public License v3.0
976 stars 208 forks source link

REF: Implement emergency contact notification or "dead switch" #1168

Open MagicFab opened 5 years ago

MagicFab commented 5 years ago

In places where IT is an individual responsibility / task, it would be useful to have a "dead man switch" in case such individual is not available anymore (for any reason, including moving to another position, changing jobs, sickness, death, etc.).

In such an event, an emergency contact would be emailed instructions on how to access the sysPass data. The information would be a simple email indicating where the data is, how to export/restore/access it, etc. The content of the email itself is debatable, it should follow IT best practices.

Master password should be kept/shared following such practices too, for example by keeping it in owners/managers physicial safe/Keepass personal file, etc.

Other software implement this:

This issue was inspired by this Reddit thread:

https://www.reddit.com/r/sysadmin/comments/a7l6p1/a_deadmans_switch_for_the_sole_sysadmin_of_a/

deajan commented 5 years ago

In our setup, the 'deadman' switch is a closed envelope, containing the printed version of the master password, admin account, and root access to the server itself. Even if it's a good idea, I think mailing the master password would be a security issue since no one can guarantee the mail traffic not being sniffed.

MagicFab commented 5 years ago

Yes, we agree no password information should ever be sent by email.