NSIT: Computing, Networks & Phones

Quick Links:

• Announcements
• Tips & Guidance
• IT Policies
• Rates
• About NSIT
• Resources for IT Staff
• Quick Start Welcome Guide

Search NSIT using Google:

Services only
All NSIT

Home > Services > Technical Tools & Resources for IT Staff > Password Escrow

Technical Tools & Resources for IT Staff

Security Tools - Password and Electronic Cryptographic Key Escrow Service

Occasionally, some groups may wish to securely store passwords and/or electronic cryptographic keys with a third party to prevent the loss through any number of factors. The University of Chicago Network Security Center (NSC) offers an escrow service for this purpose.

What we do for you:

• We will take a sealed escrow packet from you.
• We will store this packet in a fire safe until you (or a registered designate) ask for it back. Network Security will never see the contents of the packet.

How the process works:

Giving us your escrow packet:

To store your passwords, we need the following from you:

• A sealed envelope containing the materials you wish to escrow. We suggest that you put a signature across the seal, but it is not required.
• A completed NSC Escrow Form for Passwords and Electronic Cryptographic Keys

The NSC will then take these two items, seal them in an envelope, and store them in our safe. You will be given a copy of the Escrow Form to retain as a receipt. Periodically, we may send email reminders.  You will be expected to reply to these emails so that the NSC knows that you have not abandoned your escrow packet.

Retrieving your escrow packet:

When you wish to retrieve your passwords from the safe, you must contact us to set up an appointment at least 1 business day in advance.  A University ID will be required to pick up the escrowed packet.

Once you have retrieved the packet, we will send email notifications to the individuals listed on the form as a person/group to notify when a packet is retrieved.  If you wish, you may then re-seal the envelope and re-escrow the packet.

Retrieving escrowed packets when no authorized person is locatable:

Only a Senior Director or Department Administrator may retrieve escrowed packets from the safe if no authorized individual can be located. He or she must retrieve the packet (or submit a new list of authorized retrievers) in person.

Abandoned escrow packet:

If the NSC has sent you three or more emails asking you to confirm continued usage of our escrow service and has received no reply, your escrowed packet will be considered abandoned. If the packet is abandoned, the NSC will open the packet (not the envelope), email the contact list, and properly destroy the escrowed material.

Legal note:

In the extremely unlikely event that we are forced by subpoena to turn over your passwords to a law enforcement agency or the University's General Counsel, it is possible that we would be forbidden to disclose that information to you.