(Compliance) Creating a Secure 3 - Person System Root Password

Three heads are better that one!

Sometimes, simplicity is better! If you need to keep the system root password secure and do not want to spend a ton of money on software, compliance audits and consulting, use this method to generate your root passwords. This method does require 2 - 3 people, as each will be generating a portion of the key. Of course you can change the parameters to suit you needs. In this example, 3 people will be responsible for creating 8 characters of a 24 character key. Simply follow the steps below.

  1. Start with a piece of standard copy paper
  2. Have the first person enter 8 characters of the password into the computer and then write those characters on one side and label it (A). Fold the the paper in half, staple closed and leave it for the second person.
  3. Next, have the second person enter 8 more characters into the computer and write those characters on the blank side and label it (B). Fold the paper in half, staple closed and leave it for the third person.
  4. Then, have the third person enter 8 more characters into the computer and write those characters on the blank side and label it (C). Fold the paper in half, staple closed and seal it in an envelope labeled with the system name, then set it in a safe place, preferably in a D.U.M.B. where no one can ever get to that Gold key. It's not likely to be any cave-ins in those places - right?

When the computer asks you to verify the password, have each individual in order enter their portion of the key. There you have it, a 3 person 24 character key. Use this method if none of the system adminsitrators need to use the root password and have set up 'sudo' for their needs. If you ever need the password, you can retrieve it from the safe location and when fishined use the same method to create a new one. The more random each person's key is the better. Do not use any portion of the key as a part of another password on any system.


Peace be unto you. Thank you for visiting!