How should a business keep its passwords safe - password software?

First, let me give you few tips to help you generate strong passwords:

* Combine letters, numbers and symbols when choosing a password.

* Do not use easy to guess words that are significant to you and easy for others to guess.

* Replace letters, such an “O” with a zero or an “I” with a “1.”

* Use longer passwords rather than shorter ones.

Second, you should consider using a password management software.

They offer solutions for securely storing, managing and protecting user passwords,

PIN codes and other sensitive data in a handy location.

Password programs can be web-based, desktop-based or portable.

Personally, I'm using a desktop-based software called Impassable (by Softarama Systems),

for both generating my strong passwords and keeping them safe in one place.

Aside from the technical issues, I'd suggest you devote some time to forming a Company Network Security & Use Policy.

I've seen several 'home made' & sub-standard 'pro' networks that had no policy &/or system configuration to lock down the network to prevent data "leakage", or security, or control levels of access; personnel departure procedures; Administrative control hierarchy; and so on.

With no solid foundation, many open ended issues develop that require protracted solutions which eat up valuable time and resources, not to mention the security lapse from sudden personnel changes.

Try your best to keep a tight rein on these potential pitfalls from the start, and blend policy with hardware configurations to meet those goals...

For instance, having employees create passwords is not a good idea.

In a sudden (and perhaps hostile) departure, there might not be a method to recover that PW.

PW creation should be handled by the longest tenure-expected person and senior executive, using a pre-assembled table which is kept in a vault and a copy with the attorney.

Then there is control, with modification limited to a select few.

Other topics need scrutiny for company-wide protocols as well.

I like OpenID.

Some businesses require employees to change passwords on a periodic basis, and this seems to fit with at least some readily available software.

Key executives may need access to most of the business data, and may need to know physical locations of off-site backups.

Some businesses forbid on-premises use of cameras, personal devices, etc.

First thing's first, Hire an out side penetration tester to come in and try and crack your system. Once they get in (they will) have them show you the weaknesses that they found. If you think that you can do a pen test your-self then there is a operating system called backtrack 4 r2 . I would also look at John the ripper and other dictionary attacks. Remember the best way to keep a cracker/black hat out is to know how they think ;)

hope this helps