
The Most Important Thing You Haven't Done With Your Password Manager

This afternoon, I’m attending the funeral for a coworker we lost last weekend. Over the course of the next week or two, we’ll be helping his family gain access to the many online services he had managed. Each time I’ve experienced a tragedy like this, I’ve seen the families struggle with the digital footprint and account access of their lost loved one. Like life insurance, emergency access to online services is too often an item on our to-do list that rarely gets completed. Password managers help families in these situations. They act as a consolidated list of the accounts making up one’s digital footprint. However, if emergency access has not been set up, they provide no help, and access becomes a major hurdle for a grieving family to overcome.

Even with power of attorney or a death certificate, the design of these services prevents the software makers from unlocking them or providing access. There are no back doors, nor should there be. As biometric authentication becomes more and more integrated into our everyday gadgets, it presents additional challenges to loved ones after their loss. This is also true when multi-factor authentication is in use. When families most need access to these digital resources, their access is denied. They can’t access contacts or download images from their loved one’s phone. They can’t log in to insurance or financial sites to help with funeral or memorial arrangements.

Last week, I asked several coworkers (all career IT professionals) if their spouse or partner would be able to access their secured data if they passed away or became incapacitated. Every one of them told me, “No.” Most had faith that a friend or coworker would be able to hack their way in. It was something on their to-do list, or something they’d knock out as soon as they got home from work. I doubt any of them did.

I beg you. Please take 15 minutes out of your day today and set up emergency access to your password manager. Document the backup PIN/code for biometric systems or MFA configurations.

Here’s how to set up emergency access for the most popular password managers:

While this discussion is a bit old, it also provides some valuable insight for setting up emergency access to your data: How can I give my wife emergency access to logins, passwords, etc.?
