Recommendation on a corporation wide password manager
-
Jörgen Andersson wrote:
a password manager where we can share passwords
:omg: Am I missing something here, sharing passwords? Isn't the whole purpose of a password that it is not shared?
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
GuyThiebaut wrote:
Am I missing something here
yes. my wife and I share a netflix account. she holds the password and shares with me. same applies to certain business accounts too. rare, but it does happen/is needed.
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
I was searching for a password manager days ago... I ended with Keepass as it's local and it does all I need after I backupped it's database into my NAS. I was in doubt with Bitwarden which seems to be the new password manager out there... Open source, free and paid options, you can host it into your own server via docker... Worth checking it.
www.robotecnik.com[^] - robots, CNC and PLC programming
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
It is better to not use passwords at all or at least use two-factor authentication. Look at the FIDO standard (U2F and FIDO2). You can use the Hideez Key device which is both a password manager and a FIDO key.
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
1Password is the best you can get for this kind of purpose
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
-
Jörgen Andersson wrote:
a password manager where we can share passwords
:omg: Am I missing something here, sharing passwords? Isn't the whole purpose of a password that it is not shared?
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
We use one to share service account passwords between developers and system admins. Service accounts are used in automation processes accessing AD and such.
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
Simplest thing is just to use the last 8 digits of pi. That's always worked for me, and no one has ever guessed it.
-
Simplest thing is just to use the last 8 digits of pi. That's always worked for me, and no one has ever guessed it.
Tried that with some added complexity using -eiπ, but it didn't work. :sigh:
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
I heartily recommend: Thycotic Secret Server[^] It has AD integration, cloud or on-prem, auto password changing for network accounts, encryption, and a lot more. (I am not affiliated with the company in any way, but we use this in at my place of business, numbering ~750 employees).
-
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind. What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually. Preferably integrated with active directory to make administration easier. What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
-
Jörgen Andersson wrote:
a password manager where we can share passwords
:omg: Am I missing something here, sharing passwords? Isn't the whole purpose of a password that it is not shared?
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
Guy, I agree. The only possible implementation IMHO. Slacker007 (reply below) shares a Netflix password with his wife. One day, the marriage is falling apart and one party subscribes to every single thing you can with that password, then leaves home just before the first bill comes, never to be seen again. RandMan7557 (also reply below), shares passwords between devs & sysadmins. One day, the whole system is attacked because a digruntled staff member told his mate the hacker the password. Who's guilty? You'll never know.