LastPass password sharing
-
@technobabble said:
Side note question:
If the person's workstation is compromised will it matter if you send a password in secure email?probably not, I guess it would depend more on what the compromise is doing, screen captures, keylogging, etc. For example, if it was only doing keylogging, and the user never typed the password they received in the secure email, I guess the hackers wouldn't get it.. .but how likely is that?
-
Why would they not want to sign up for LastPass? Maybe make that a condition of you helping them.
-
The other idea is to not send them passwords, because you have no plausible deniability on knowing their password. Just make them go through the "reset password" process to setup their own.
-
@Nic said:
The other idea is to not send them passwords, because you have no plausible deniability on knowing their password. Just make them go through the "reset password" process to setup their own.
This is the best option. Then make an admin account if you need to and reset their password in the event you need access.
-
As a generally rule,... I do not want to know ANYONE's password. Even though I am an agent of my agency - it makes ME liable. I don't want that.
Forget your password, fine - I'll reset it,.. or force it. But you have to come up with a new one. And the way passwords are around here done is crazy..
There are SOME I must know. but they are to a device; printer, firewall, admin, etc.
I don't want any user passwords...I can hardly remember my own sometimes.... -
Now I'm really confused - what systems are these uses forgetting their passwords to? I realize that Lastpass pretty much only works for websites - so yeah, assuming the customer wants you to be the primary IT point of contact for their webapps/websites, then absolutely you should have your own logon and password, and assuming their system allows it (think Office 365 as an example) you can manage passwords as needed).
-
You can still store passwords in LastPass for other things and just go in there to copy the password to paste it into any other application.
-
@Dashrender I have this happen a lot with clients. Their email is hacked with a strong password I create, I send them a new one and the next day the hack starts again. They clean the PC of Malware and magically the hack stops.
I guess if its a keylogger it can't read your screen, LOL.
-
@Dashrender We build websites and offer hosting services, which means we setup the email accounts and such....which means creating passwords for users.
-
Why are you creating passwords instead of their being a self service portal yo change passwords? It seems really insecure that you and others have access to customers passwords.
-
I was wondering why you needed their passwords too. I've not had any hosting service that needed my passwords in a very long time.
-
@technobabble said:
@Dashrender We build websites and offer hosting services, which means we setup the email accounts and such....which means creating passwords for users.
Perhaps you meant that you only create the first password, and then when they forget you have to create a new one for them.. though I would think a password reset portal would be a safer option.
-
@Dashrender That is correct.
-
Won't they need a password to access LastPass or am I missing something?
-
@Carnival-Boy said:
Won't they need a password to access LastPass or am I missing something?
Yes.
LastPass sharing is completely not for this.
-
We use WHM/cPanel for our hosting. At the moment, you can't change your own password unless you know the original (useless for those who forgot the password). According to cPanel support, they will be adding it soon.
-
@technobabble said:
We use WHM/cPanel for our hosting. At the moment, you can't change your own password unless you know the original (useless for those who forgot the password). According to cPanel support, they will be adding it soon.
Can't you solve this by having your own account in their cPanel, then use your account (you use) to reset their password?
-
I would never want access to all of my clients passwords. Thats a lot of added responsibility and risk.
My preferred method of password distribution has always been carrier pigeon.
Seriously though, sometimes you just have to accommodate certain customers they may not be ready for / have the money for / or understand the most effective method to doing something.
-
This post is deleted!
