Challenge 14 ☆☆☆☆

Welcome to challenge 14. You need to guess the secret that is hidden in Java, Docker, Kubernetes, Vault, AWS or GCP.

Password Managers

When we showed this project to my friend Kees, he asked us: hey isn’t that the same as having a very weak password on your password manager? Because that’s what my colleague did.

So here it is: the password manager challenge! We have set up a Keepass file in the Docker container where we put secret credentials to Alibabacloud in. Can you get it?

Answer to solution :

Why you need to be careful with password to other secrets

Whether you have a password for an enterprise secretsmanagement system or a password manager: your authentication factors make the difference between a breached system and a secure system.

So in simple terms when you authenticate to your password manager directly: - have a strong password (E.g. a lengthy one!) - use MFA if possible - enable any sort of alerting when a new device and/or IP tries to touch it.

If you use SSO: make sure that the system to which you authenticate caters for the same controls: allow for lengthy strong passwords, MFA, and proper security alerts when something spiffy is going on.