Recommendation on a corporation wide password manager
-
Jörgen Andersson wrote:
a password manager where we can share passwords
:omg: Am I missing something here, sharing passwords? Isn't the whole purpose of a password that it is not shared?
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
It would give us the possibility to NOT send passwords over mail or other external or unencrypted services. But also for external services where we have a single account for the company.
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
if u want a total on premise solution you need to contact sales people of companies like last pass and give you a offer if they still sell it ...(if you have a proper it department and all) ... they could give you a quote for per user on premise license .. it could have ldap integration etc... another is hxxxps://www.roboform.com/business xxx://psono.com/features-for-users xxx://www.passbolt.com/pricing/pro xxx://passwork.me/ xxx://passwork.pro/ xxx://pleasantsolutions.com/passwordserver/details/features xxx://www.okta.com/products/single-sign-on/
Caveat Emptor. "Progress doesn't come from early risers – progress is made by lazy men looking for easier ways to do things." Lazarus Long
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
-
Jörgen Andersson wrote:
a password manager where we can share passwords
:omg: Am I missing something here, sharing passwords? Isn't the whole purpose of a password that it is not shared?
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
GuyThiebaut wrote:
Am I missing something here
yes. my wife and I share a netflix account. she holds the password and shares with me. same applies to certain business accounts too. rare, but it does happen/is needed.
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
I was searching for a password manager days ago... I ended with Keepass as it's local and it does all I need after I backupped it's database into my NAS. I was in doubt with Bitwarden which seems to be the new password manager out there... Open source, free and paid options, you can host it into your own server via docker... Worth checking it.
www.robotecnik.com[^] - robots, CNC and PLC programming
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
It is better to not use passwords at all or at least use two-factor authentication. Look at the FIDO standard (U2F and FIDO2). You can use the Hideez Key device which is both a password manager and a FIDO key.
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
1Password is the best you can get for this kind of purpose
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
-
Jörgen Andersson wrote:
a password manager where we can share passwords
:omg: Am I missing something here, sharing passwords? Isn't the whole purpose of a password that it is not shared?
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
We use one to share service account passwords between developers and system admins. Service accounts are used in automation processes accessing AD and such.
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
Simplest thing is just to use the last 8 digits of pi. That's always worked for me, and no one has ever guessed it.
-
Simplest thing is just to use the last 8 digits of pi. That's always worked for me, and no one has ever guessed it.
Tried that with some added complexity using -eiπ, but it didn't work. :sigh:
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
I heartily recommend: Thycotic Secret Server[^] It has AD integration, cloud or on-prem, auto password changing for network accounts, encryption, and a lot more. (I am not affiliated with the company in any way, but we use this in at my place of business, numbering ~750 employees).
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
-
Jörgen Andersson wrote:
a password manager where we can share passwords
:omg: Am I missing something here, sharing passwords? Isn't the whole purpose of a password that it is not shared?
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
Guy, I agree. The only possible implementation IMHO. Slacker007 (reply below) shares a Netflix password with his wife. One day, the marriage is falling apart and one party subscribes to every single thing you can with that password, then leaves home just before the first bill comes, never to be seen again. RandMan7557 (also reply below), shares passwords between devs & sysadmins. One day, the whole system is attacked because a digruntled staff member told his mate the hacker the password. Who's guilty? You'll never know.
