Password manager options for multi-user?

guyinpv

I've read through this thread already: https://mangolassi.it/topic/15036/password-managers/113

I have all my passwords in LastPass (a free personal account) as well as business stuff in KeyPass which is stored in a NextCloud folder.

I'd like to share out sets of passwords without having to give it all away. A user-based system or perhaps user groups would be nice. I'd like to share passwords one by one to certain people, or just share a folder of passwords to a user/group, etc.

KeyPass would be hard to do this. I suspect I'd have to just split stuff into multiple files and give the master pass to certain people. This could get hard to maintain, especially if I need to have the same account in multiple files.

Then there is LastPass with a paid account for business (and other similar services). I like LP and have used it for years, but it does have quirks. It autofills wrong, it sometimes wants to overwrite/update a password when it shouldn't, it might not detect the domain properly if the login page can show up via multiple domains, etc etc.
In other words, it might be too much of a learning curve to make all our users figure it out, and too dangerous that they might overwrite passwords.

I'd rather have more of a "lookup" style where if they want to log in somewhere, they have to search for and find the password, then copy/paste it over. Much less danger of auto-stuff going on, and accidental wipes of the passwords.

It should also store attachments, specifically storing things like key files if needed.

I've got a list here, with LP, keeweb.info, enpass.io, Bitwarden.com, KeePassXC.

Supposedly there is also a keypass connection via NextCloud plugin, or some other plugin in NC, but nobody has given that good reviews, haven't looked into it.

My ideal situation is a multi-user offline interface. Something with an icon on my user's desktops, similar to how KeyPass works, but uses a saas type sync service or what-not.

Then everybody just looks at their specific list of stuff based on how the root/admin user shares it out.
Of course they could have either/both view and edit abilities as needed. And if someone edits one, it could alter the admin and even keep a record of the previous one. Like an audit trail.

I mean seriously, multi-user password management is like, there is nothing that great out there. With encryption and all that. We could obviously just use some kind of multi-user note taking app, but that isn't quite as secure as we'd like.

JaredBusch

@guyinpv said in Password manager options for multi-user?:

I like LP and have used it for years, but it does have quirks. It autofills wrong, it sometimes wants to overwrite/update a password when it shouldn't, it might not detect the domain properly if the login page can show up via multiple domains, etc etc.

Actually, it never autofills unless you let it. So it is simple to fix that by just disabling autofill and clicking on the icon to get the list.

As for detecting domains, this is pretty rare in my experience. But I have encountered it.

In this case you simply add the equivalent domain. Fro the very few I encounter, it is a set and forget.

Dashrender

Also, you don't have to give edit rights to the passwords you share to others, so little risk to shared info. In LP anyway.

coliver

I use Bitwarden at the moment and really like it. Open source and if you have concerns about their SaaS app you can self host it. It doesn't Autofill unless you tell it to (and even then the autofill is less then stellar, but I don't use that feature so it doesn't effect me).

Kelly

Just ran across this one while looking for another one that I can't remember the name of: https://www.passbolt.com/.

Kelly

There it is. Secret server from Thycotic: https://thycotic.com/solutions/free-it-tools/secret-server-free/.

JaredBusch

@Kelly said in Password manager options for multi-user?:

There it is. Secret server from Thycotic: https://thycotic.com/solutions/free-it-tools/secret-server-free/.

/wtb pricing

Kelly

@JaredBusch said in Password manager options for multi-user?:

@Kelly said in Password manager options for multi-user?:

There it is. Secret server from Thycotic: https://thycotic.com/solutions/free-it-tools/secret-server-free/.

/wtb pricing

Their not free tool has a ton of PAM features that aren't in most password managers so I'm guessing that it isn't cheap. But, like so many vendors, you have to give them your contact info to get the basics it looks like.

JaredBusch

@Kelly said in Password manager options for multi-user?:

@JaredBusch said in Password manager options for multi-user?:

@Kelly said in Password manager options for multi-user?:

There it is. Secret server from Thycotic: https://thycotic.com/solutions/free-it-tools/secret-server-free/.

/wtb pricing

Their not free tool has a ton of PAM features that aren't in most password managers so I'm guessing that it isn't cheap. But, like so many vendors, you have to give them your contact info to get the basics it looks like.

Our company use would fit in the free tool and I will probably try it out as it looks nice.

But I hate request a quote shit..

Dashrender

@JaredBusch said in Password manager options for multi-user?:

@Kelly said in Password manager options for multi-user?:

There it is. Secret server from Thycotic: https://thycotic.com/solutions/free-it-tools/secret-server-free/.

/wtb pricing

I think I've seen these guys at a show. They are stupid expensive If I recall.. .like a few hundred per user a year.

guyinpv

@Dashrender said in Password manager options for multi-user?:

Also, you don't have to give edit rights to the passwords you share to others, so little risk to shared info. In LP anyway.

This is paid version of LP I presume? I have to buy licenses for all employees here?

I have my free version and other people have shared passwords with me, but I think they were on paid versions.

JaredBusch

@guyinpv said in Password manager options for multi-user?:

@Dashrender said in Password manager options for multi-user?:

Also, you don't have to give edit rights to the passwords you share to others, so little risk to shared info. In LP anyway.

This is paid version of LP I presume? I have to buy licenses for all employees here?

I have my free version and other people have shared passwords with me, but I think they were on paid versions.

A person with a paid subscription can share to others without one.

But You jsut said for your team, so getting everyone a subscription should be a trivial cost.

wrx7m

@Kelly _ i have been going back and forth between Thycotic and Beyond Trust on which to go with for PAM/Application control

Kelly

@wrx7m said in Password manager options for multi-user?:

@Kelly _ i have been going back and forth between Thycotic and Beyond Trust on which to go with for PAM/Application control

Thycotic has a free demo, so worth a whirl if you haven't. I personally haven't used the second, and only minimally the first.

flaxking

In my notes I have syspass.org and passbolt.com
Haven't tried either, probably noted them after someone mentioned them here