3
iaan
3y

Not super ranty but what I’m interested in how passwords are managed in your organisation?

I feel dirty receiving passwords through slack and having a spreadsheet on a shared drive seems like madness.

I’ve worked at organisations before that have a single login to a password manager. However theoretically I still have access to that as no one would have changed the password.

Organisational password manager softwares are really expensive!

Comments
  • 2
    Most of us use lastpass and use it to share stuff as well, but I'm personally considering switching to a different one
  • 1
  • 1
    Keepass(XC) allows shared database with certificates nowadays.
  • 0
    @alexbrooklyn I use 1Password outside of work and it’s great. I haven’t explored the sharing of stuff on it yet though.
  • 0
    I use lastpass still, but it's really been annoying me lately. If I cared just a bit more I'd replace it, but I don't so lastpass it is
  • 2
    We have a custom solution in our own enterprise suite for any shared passwords. Users/Usergroups that can view or edit the passwords can be defined for each entry. The passwords are thus saved in a database on a server in encrypted form. Any password which is sent out at all is considered compromised and will need to be changed - so no passwords in slack or (*shrug*) email.
    Oh and personal password are obviously set by the employee itself and in their own responsibility.
  • 0
    @saucyatom password organisation goals 😍
  • 0
    Mostly sticky notes... Our standard is one note per password lined up in the bottom right hand corner of our monitor.
  • 1
    @iaan I would say rsa based authentication could beat it, it's just that nobody uses rsa keypairs and there are 0 standards for certificates to pass permissions on to other identities.
  • 1
    @iaan It really sounds more fancy than it is. I can get access to any client system passwords (teamviewer, our company's domain account (admin), full db access), but then I also need that to troubleshoot their system or deal with upgrades and so on, so how would it be different. Some other stuff (like from management) is not available to me. Everything that is user-based, like your Domain account (for Windows & Outlook) and Microsoft account (Visual Studio), is either set by yourself at the admin's desk (if possible) or given with a random initial password.
    Certainly much better than a bunch of key-dbs which are all-or-nothing, but not so much better than what should be the minimum standard. Or maybe it is, but I just lack the (worse) experience.
  • 0
    Trying to implement Passbolt in the organisation
  • 0
    KeePass/macpass for local storage
    OneLogin for logging in to our AWS and product environments
  • 0
    Just use a 2FA, or MFA solution...
  • 0
    @magicMirror 2FA / MFA are features of a specific implementation. I think this rant/question is about handling passwords of third party services / customers that have to be shared, which is a completely different topic.
    I agree that 2FA should be used whenever possible though. We use OTP for our company VPN.
Add Comment