Centralized password manager
-
We currently use a password protected OneNote doc hosted on SharePoint. However, it is far too easy to easily delete an entry when you are copying the passwords out of the document. Our senior techs are very careful, but I'm concerned about new staff, etc accidentally deleting passwords.
@scottalanmiller , How are you liking the SharePoint Wiki for passwords? Deleting entries is a non issue since it is a webpage.
-
@Ambarishrh said in Centralized password manager:
@StrongBad said:
Keepass is pretty good. You can host it on DropBox or ownCloud or whatever to share it.
Looks like a good option, nothing to maintain as a central repo, i hope the same file can be used on different machines same time via dropbox
My problem with this is dealing with conflicting versions when two people change something different in between sync cycles.
This is the #1 reason I do not like KeePass. You are syncing a full DB file. There is nothing to sync specific changes.
-
@JaredBusch What do you use?
-
@fuznutz04 said in Centralized password manager:
@JaredBusch What do you use?
I have been using LastPass since 2007 or so.
The standard $12 subscription lets you share a folder. So I made a
"Company" folder with subfolders for each client. and shared the Company folder out.For a small consultancy like ours, it works well.
-
@JaredBusch said in Centralized password manager:
@fuznutz04 said in Centralized password manager:
@JaredBusch What do you use?
I have been using LastPass since 2007 or so.
The standard $12 subscription lets you share a folder. So I made a
"Company" folder with subfolders for each client. and shared the Company folder out.For a small consultancy like ours, it works well.
$12 per month, or per year?
Also... how did you handle the LastPass breach?
-
@dafyre said in Centralized password manager:
@JaredBusch said in Centralized password manager:
@fuznutz04 said in Centralized password manager:
@JaredBusch What do you use?
I have been using LastPass since 2007 or so.
The standard $12 subscription lets you share a folder. So I made a
"Company" folder with subfolders for each client. and shared the Company folder out.For a small consultancy like ours, it works well.
$12 per month, or per year?
Per year.
Also... how did you handle the LastPass breach?
I had 2fa turned on using Google Authenticator, so change password and roll along.
-
@dafyre said in Centralized password manager:
@JaredBusch said in Centralized password manager:
@fuznutz04 said in Centralized password manager:
@JaredBusch What do you use?
I have been using LastPass since 2007 or so.
The standard $12 subscription lets you share a folder. So I made a
"Company" folder with subfolders for each client. and shared the Company folder out.For a small consultancy like ours, it works well.
$12 per month, or per year?
Also... how did you handle the LastPass breach?
Per year, and I changed my password. Nothing else needed. I do not have 2FA enabled because I feel getting a text or something to the same damned device I am logging in on defeats the purpose of 2FA. My current LastPass password is a phrase about 30 characters long or so. I have lastpass set to log out automatically when my browsers close, etc.
-
Going forward there is going to be an internal use tool for documentation, credentials and various other things. Locked down on a server, and encrypted up the wazoo, with all manner of permissions and restrictions so you can be specific who can see what for each client.
So excited, I've not found anything else like it IT Glue comes close on a few features but is over-priced and lacking in areas.
-
@Breffni-Potter What is the name of the tool? Or is this something developed in house?
-
@fuznutz04 said in Centralized password manager:
@Breffni-Potter What is the name of the tool? Or is this something developed in house?
The plan is to make it public at some point but I want to eat my own food first before letting the universe have it, it's a complete in house project but actually I think we could spin it out.
On the other hand if it's a complete disaster, we'll go back to market and try to find a tool...sadly it does not exist.
-
@scottalanmiller said in Centralized password manager:
@Ambarishrh said:
@scottalanmiller How do you use Sharepoint, is it just a site with details on it or something more complicated?
Just a wiki page with the details locked down to just the people who need it.
Hopefully, you excluded that page from SharePoint Search and similar indexers and crawlers
-
@JaredBusch said in Centralized password manager:
@dafyre said in Centralized password manager:
@JaredBusch said in Centralized password manager:
@fuznutz04 said in Centralized password manager:
@JaredBusch What do you use?
I have been using LastPass since 2007 or so.
The standard $12 subscription lets you share a folder. So I made a
"Company" folder with subfolders for each client. and shared the Company folder out.For a small consultancy like ours, it works well.
$12 per month, or per year?
Also... how did you handle the LastPass breach?
Per year, and I changed my password. Nothing else needed. I do not have 2FA enabled because I feel getting a text or something to the same damned device I am logging in on defeats the purpose of 2FA. My current LastPass password is a phrase about 30 characters long or so. I have lastpass set to log out automatically when my browsers close, etc.
You can use google authenticator.
-
@Jason said in Centralized password manager:
@JaredBusch said in Centralized password manager:
@dafyre said in Centralized password manager:
@JaredBusch said in Centralized password manager:
@fuznutz04 said in Centralized password manager:
@JaredBusch What do you use?
I have been using LastPass since 2007 or so.
The standard $12 subscription lets you share a folder. So I made a
"Company" folder with subfolders for each client. and shared the Company folder out.For a small consultancy like ours, it works well.
$12 per month, or per year?
Also... how did you handle the LastPass breach?
Per year, and I changed my password. Nothing else needed. I do not have 2FA enabled because I feel getting a text or something to the same damned device I am logging in on defeats the purpose of 2FA. My current LastPass password is a phrase about 30 characters long or so. I have lastpass set to log out automatically when my browsers close, etc.
You can use google authenticator.
That's what I use. I do have it turned off for my phone tho, no point in having the device you get the code from require a code. Don't really use the phone version except to lookup passwords when I'm away from one of my normal computers/browsers.