Deploying a password manager product to an entire company?
-
Without knowing your exact use case, I would just have people sign up as required. Unless you're paying for each and every employee.
In any case, you're going to have to hand-hold every employee, walk them through the OTP setup, recovery questions, cellphone details, as I don't think there is any way you can do this for them.
-
@DarienA said in Deploying a password manager product to an entire company?:
@DustinB3403 said in Deploying a password manager product to an entire company?:
@DarienA said in Deploying a password manager product to an entire company?:
@DustinB3403 said in Deploying a password manager product to an entire company?:
@DarienA Yes and no. We have, but not every employee has a need for it. We use LastPass, simple, effective and free for 90% of our users.
Are you saying that you have your users set up their own free accounts or that you are using say the enterprise version and the cost is absorbed by your company for all the user accounts?
We have the bulk set up their own free account using their business email address, then we invite them into whatever shared folders they need access to.
By utilizing the free version though you lose the ability to force certain requirements and rules by policy though since each free account is technically unmanaged, correct? I've found many of those policies to be very helpful.
Correct, but the users who use the free accounts aren't creating credentials in our environment. They are just accessing services we provide and need a quick and simple way to log in without needing to know the username or password.
-
@DustinB3403 said in Deploying a password manager product to an entire company?:
@DarienA said in Deploying a password manager product to an entire company?:
@DustinB3403 said in Deploying a password manager product to an entire company?:
@DarienA said in Deploying a password manager product to an entire company?:
@DustinB3403 said in Deploying a password manager product to an entire company?:
@DarienA Yes and no. We have, but not every employee has a need for it. We use LastPass, simple, effective and free for 90% of our users.
Are you saying that you have your users set up their own free accounts or that you are using say the enterprise version and the cost is absorbed by your company for all the user accounts?
We have the bulk set up their own free account using their business email address, then we invite them into whatever shared folders they need access to.
By utilizing the free version though you lose the ability to force certain requirements and rules by policy though since each free account is technically unmanaged, correct? I've found many of those policies to be very helpful.
Correct, but the users who use the free accounts aren't creating credentials in our environment. They are just accessing services we provide and need a quick and simple way to log in without needing to know the username or password.
Understood.
-
@DarienA said in Deploying a password manager product to an entire company?:
@DustinB3403 said in Deploying a password manager product to an entire company?:
@DarienA said in Deploying a password manager product to an entire company?:
@DustinB3403 said in Deploying a password manager product to an entire company?:
@DarienA said in Deploying a password manager product to an entire company?:
@DustinB3403 said in Deploying a password manager product to an entire company?:
@DarienA Yes and no. We have, but not every employee has a need for it. We use LastPass, simple, effective and free for 90% of our users.
Are you saying that you have your users set up their own free accounts or that you are using say the enterprise version and the cost is absorbed by your company for all the user accounts?
We have the bulk set up their own free account using their business email address, then we invite them into whatever shared folders they need access to.
By utilizing the free version though you lose the ability to force certain requirements and rules by policy though since each free account is technically unmanaged, correct? I've found many of those policies to be very helpful.
Correct, but the users who use the free accounts aren't creating credentials in our environment. They are just accessing services we provide and need a quick and simple way to log in without needing to know the username or password.
Understood.
You can always provide their account a license in your corporate account so that they can add services if you needed.
-
I have started a slow rollout of this at my company. It's not going very well for multiple reasons.
1) my boss doesn't trust having all of her passwords in a password manager - she thinks it will be hacked
2) my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
3) My fraking EHR does its password changes in a popup window that LP can't see into, so LP's password change mechanism doesn't work, forcing users to change it manually, then updating the vault manually.
4) Our timeclock provider (web based) requires three pieces of information when logging in (username, password, last 4 of SSN) - LP has a very hard time reading the field names correctly and thus storing the password and SSN correctly. It normally takes me 15 mins to get that working for users (deleting the vault entry, manually updating specific fields, sometimes deleting fields and re-adding them, etc.)
5) LP won't fill out passwords for sites/applications inside a Citrix session
6) Not sure this is an issue anymore, but LP being installed into the browser had an adverse effect on performance in one area of our EHR, removing it and the timeout issue was gone. Found no way to tell LP to ignore the page, yet still allow LP to be used for the EHR main logon. (and not sure there was a way to completely disengage LP on any given site at all)
Now perhaps a different password manager would get around most or all of these problems... but I haven't had time to look into it. Of course, a different password manager won't solve 1 or 2.
-
@Dashrender said in Deploying a password manager product to an entire company?:
my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
Because, I don't know, HIPAA?
-
@scottalanmiller said in Deploying a password manager product to an entire company?:
@Dashrender said in Deploying a password manager product to an entire company?:
my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
Because, I don't know, HIPAA?
Don't get me started.
-
@Dashrender said in Deploying a password manager product to an entire company?:
@scottalanmiller said in Deploying a password manager product to an entire company?:
@Dashrender said in Deploying a password manager product to an entire company?:
my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
Because, I don't know, HIPAA?
Don't get me started.
Why does HIPAA never do audits? I'm so upset that the government made a security standard so low, and then even ruins that by having zero enforcement.
-
@Dashrender said in Deploying a password manager product to an entire company?:
@scottalanmiller said in Deploying a password manager product to an entire company?:
@Dashrender said in Deploying a password manager product to an entire company?:
my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
Because, I don't know, HIPAA?
Don't get me started.
Drs who practice out and out hate HIPAA - borderline don't give a shit about your privacy... they care about having whatever whenever as easy as possible. Many of them don't see the benefit to privacy/security.
-
@scottalanmiller said in Deploying a password manager product to an entire company?:
@Dashrender said in Deploying a password manager product to an entire company?:
my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
Because, I don't know, HIPAA?
hahaha that's funny.
-
@Dashrender said in Deploying a password manager product to an entire company?:
I have started a slow rollout of this at my company. It's not going very well for multiple reasons.
1) my boss doesn't trust having all of her passwords in a password manager - she thinks it will be hacked
2) my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
3) My fraking EHR does its password changes in a popup window that LP can't see into, so LP's password change mechanism doesn't work, forcing users to change it manually, then updating the vault manually.
4) Our timeclock provider (web based) requires three pieces of information when logging in (username, password, last 4 of SSN) - LP has a very hard time reading the field names correctly and thus storing the password and SSN correctly. It normally takes me 15 mins to get that working for users (deleting the vault entry, manually updating specific fields, sometimes deleting fields and re-adding them, etc.)
5) LP won't fill out passwords for sites/applications inside a Citrix session
6) Not sure this is an issue anymore, but LP being installed into the browser had an adverse effect on performance in one area of our EHR, removing it and the timeout issue was gone. Found no way to tell LP to ignore the page, yet still allow LP to be used for the EHR main logon. (and not sure there was a way to completely disengage LP on any given site at all)
Now perhaps a different password manager would get around most or all of these problems... but I haven't had time to look into it. Of course, a different password manager won't solve 1 or 2.
I feel your struggle. At least for 1 LP offers some nice plain English security descriptions of their service and for 2 you can force users to only be logged onto one device at a time as a rule (I think there's a timeout setting as well).
-
@Dashrender said in Deploying a password manager product to an entire company?:
@Dashrender said in Deploying a password manager product to an entire company?:
@scottalanmiller said in Deploying a password manager product to an entire company?:
@Dashrender said in Deploying a password manager product to an entire company?:
my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
Because, I don't know, HIPAA?
Don't get me started.
Drs who practice out and out hate HIPAA - borderline don't give a shit about your privacy... they care about having whatever whenever as easy as possible. Many of them don't see the benefit to privacy/security.
I did a camera installation for a doctor purchased from Costco - maybe $350 because HIPAA. Checked his office PCs. All running XP, transacting over the internet after 7 had been out for over 5 years. Got him a quote for all 8 workstations updated to 7 and a mini server with backups for around $8k. He turned red, choked and almost died on the spot.
-
@DarienA said in Deploying a password manager product to an entire company?:
@Dashrender said in Deploying a password manager product to an entire company?:
I have started a slow rollout of this at my company. It's not going very well for multiple reasons.
1) my boss doesn't trust having all of her passwords in a password manager - she thinks it will be hacked
2) my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
3) My fraking EHR does its password changes in a popup window that LP can't see into, so LP's password change mechanism doesn't work, forcing users to change it manually, then updating the vault manually.
4) Our timeclock provider (web based) requires three pieces of information when logging in (username, password, last 4 of SSN) - LP has a very hard time reading the field names correctly and thus storing the password and SSN correctly. It normally takes me 15 mins to get that working for users (deleting the vault entry, manually updating specific fields, sometimes deleting fields and re-adding them, etc.)
5) LP won't fill out passwords for sites/applications inside a Citrix session
6) Not sure this is an issue anymore, but LP being installed into the browser had an adverse effect on performance in one area of our EHR, removing it and the timeout issue was gone. Found no way to tell LP to ignore the page, yet still allow LP to be used for the EHR main logon. (and not sure there was a way to completely disengage LP on any given site at all)
Now perhaps a different password manager would get around most or all of these problems... but I haven't had time to look into it. Of course, a different password manager won't solve 1 or 2.
I feel your struggle. At least for 1 LP offers some nice plain English security descriptions of their service and for 2 you can force users to only be logged onto one device at a time as a rule (I think there's a timeout setting as well).
Because my manager/boss doesn't like it - and the doctors will refuse to use it due to using literally dozens of computers, many of which we do not manage, so LP won't be on them - there is no way management/the board would approve purchasing LP Enterprise for staff.
-
@scotth said in Deploying a password manager product to an entire company?:
@Dashrender said in Deploying a password manager product to an entire company?:
@Dashrender said in Deploying a password manager product to an entire company?:
@scottalanmiller said in Deploying a password manager product to an entire company?:
@Dashrender said in Deploying a password manager product to an entire company?:
my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
Because, I don't know, HIPAA?
Don't get me started.
Drs who practice out and out hate HIPAA - borderline don't give a shit about your privacy... they care about having whatever whenever as easy as possible. Many of them don't see the benefit to privacy/security.
I did a camera installation for a doctor purchased from Costco - maybe $350 because HIPAA. Checked his office PCs. All running XP, transacting over the internet after 7 had been out for over 5 years. Got him a quote for all 8 workstations updated to 7 and a mini server with backups for around $8k. He turned red, choked and almost died on the spot.
Another reality is that many Drs offices run on a shoestring budget... most GPs only make around $120K/y. I'm in no way surprised he choked.
-
@Dashrender said in Deploying a password manager product to an entire company?:
Another reality is that many Drs offices run on a shoestring budget... most GPs only make around $120K/y
How can it be that low? I mean, I agree that it should be that low, the average GP isn't very good and other than paying off their student loans rarely earns a market value much above the ability to eat, but that seems ridiculously low when a department manager at a Walmart in a low cost area can easily make double that.
-
@scottalanmiller said in Deploying a password manager product to an entire company?:
@Dashrender said in Deploying a password manager product to an entire company?:
Another reality is that many Drs offices run on a shoestring budget... most GPs only make around $120K/y
How can it be that low? I mean, I agree that it should be that low, the average GP isn't very good and other than paying off their student loans rarely earns a market value much above the ability to eat, but that seems ridiculously low when a department manager at a Walmart in a low cost area can easily make double that.
Don't ask me - just some stat I read in a journal years ago.... I suppose it could be higher today.
-
HIPAA is so lax that the only real solution is to throw it out and replace it with something decent like in the EU. EU is definitely the leader in privacy.
-
@scottalanmiller said in Deploying a password manager product to an entire company?:
@Dashrender said in Deploying a password manager product to an entire company?:
Another reality is that many Drs offices run on a shoestring budget... most GPs only make around $120K/y
How can it be that low? I mean, I agree that it should be that low, the average GP isn't very good and other than paying off their student loans rarely earns a market value much above the ability to eat, but that seems ridiculously low when a department manager at a Walmart in a low cost area can easily make double that.
A Walmart manager makes $240k in a low cost area?
-
@IRJ said in Deploying a password manager product to an entire company?:
@scottalanmiller said in Deploying a password manager product to an entire company?:
@Dashrender said in Deploying a password manager product to an entire company?:
Another reality is that many Drs offices run on a shoestring budget... most GPs only make around $120K/y
How can it be that low? I mean, I agree that it should be that low, the average GP isn't very good and other than paying off their student loans rarely earns a market value much above the ability to eat, but that seems ridiculously low when a department manager at a Walmart in a low cost area can easily make double that.
A Walmart manager makes $240k in a low cost area?
Department manager, yes. Store managers, way more.
-
Walmart store manager near me (I'm in one of the lowest cost major metros in the country) was in the $400K range. Which makes sense if you think about the volume of business a Walmart does and their need to have skilled people in those roles. If you can't pay prevailing wages, you'd be screwed. Department managers (real ones, not office managers) in finance can be $300-850K in a low cost area (easily seven figures in high cost ones) as a comparison for a competitive type job that depends primarily on broad management and business skills.