Security Tools - Password and Digital Cryptographic Key Escrow Service
This article explains procedures for a service offered by IT Services to store passwords and digital keys in escrow.
Occasionally, some groups may wish to securely store passwords and/or digital cryptographic keys with a third party to guard against their loss through any number of factors. The University of Chicago IT Security offers an escrow service for this purpose.
What we do for you:
- We will take a sealed escrow packet from you.
- We will store this packet in a fire safe until you (or a registered designate) ask for it back. IT Security will never see the contents of the packet.
How the process works:
Giving us your escrow packet:
To store your passwords, we need the following from you:
- A sealed envelope containing the materials you wish to escrow. We suggest that you put a signature across the seal, but it is not required.
- A completed IT Security Escrow Form for Passwords and Electronic Cryptographic Keys
IT Security will then take these two items, seal them in an envelope, and store them in our safe. You will be given a copy of the Escrow Form to retain as a receipt. Periodically, we may send email reminders. You will be expected to reply to these emails so that IT Security knows that you have not abandoned your escrow packet.
Retrieving your escrow packet:
When you wish to retrieve your passwords from the safe, you must contact us to set up an appointment at least 1 business day in advance. A University ID will be required to pick up the escrowed packet.
Once you have retrieved the packet, we will send email notifications to the individuals listed on the form as a person/group to notify when a packet is retrieved. If you wish, you may then re-seal the envelope and re-escrow the packet.
Retrieving escrowed packets when no authorized person is locatable:
Only a Senior Director or Department Administrator may retrieve escrowed packets from the safe if no authorized individual can be located. He or she must retrieve the packet (or submit a new list of authorized retrievers) in person.
Abandoned escrow packet:
If IT Security has sent you three or more emails asking you to confirm continued usage of our escrow service and has received no reply, your escrowed packet will be considered abandoned. If the packet is abandoned, IT Security will open the packet (not the envelope), email the contact list, and properly destroy the escrowed material.
In the extremely unlikely event that we are forced by subpoena to turn over your passwords to a law enforcement agency or the University's General Counsel, it is possible that we would be forbidden to disclose that information to you.