Is there a best practice around credential storage?
Alan DeKok
aland at deployingradius.com
Fri Dec 20 13:41:16 CET 2019
On Dec 20, 2019, at 6:43 AM, Sven Hartge <sven at svenhartge.de> wrote:
>
> On 19.12.19 23:42, Coy Hile wrote:
>
>> Is it really industry standard that people store users' passwords in
>> cleartext? It seems to be a requirement, but it is something that gives
>> me pause, as to do so contravenes what are otherwise best practices.
>
> We (my employer) use a different password for everything related to
> network access, meaning mainly WiFi and VPN.
That works, but it pushes the complexity of password management onto the users. And users are dumb.
i.e. *I* don't want to punish myself by having different passwords for different services. I can't remember them, it's a PITA to manage, and I have better things to do with my time.
Since it's not worth my time, then I believe that other people shouldn't do it, either.
For me, I just use client certificates everywhere. It's supported for EAP, and for all reasonable VPNs.
Alan DeKok.