|
#internetOfShit
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
|
|
|
|
I've always used Keepass, and while it can be used by several people at the same time there's no ACL of any kind.
What we want is a password manager where we can share passwords with people on both department level and/or role level. As well as being able to share them manually.
Preferably integrated with active directory to make administration easier.
What's around, and what are the pros and cons with them?
Wrong is evil and must be defeated. - Jeff Ello
Never stop dreaming - Freddie Kruger
|
|
|
|
|
|
We use LastPass [^] and I believe it does what you need.
|
|
|
|
|
Actually, let me do it. I feel very secure right now.
Send me all necessary credential (financial institutions in bold font, please!) and I'll manage.
. . . aloha . . .
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
W∴ Balboos, GHB wrote: . . . aloha . . .
I think you meant Здравствуйте
|
|
|
|
|
Keith.
He's kind of strict as sysadmins go, and his password restrictions are onerous but he's lovable just the same.
Real programmers use butterflies
|
|
|
|
|
Post-it Notes on Departmental White Board, visible from the street
|
|
|
|
|
Jörgen Andersson wrote: a password manager where we can share passwords
Am I missing something here, sharing passwords?
Isn't the whole purpose of a password that it is not shared?
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
|
|
|
|
It would give us the possibility to NOT send passwords over mail or other external or unencrypted services.
But also for external services where we have a single account for the company.
Wrong is evil and must be defeated. - Jeff Ello
Never stop dreaming - Freddie Kruger
|
|
|
|
|
GuyThiebaut wrote: Am I missing something here
yes.
my wife and I share a netflix account. she holds the password and shares with me.
same applies to certain business accounts too. rare, but it does happen/is needed.
|
|
|
|
|
We use one to share service account passwords between developers and system admins. Service accounts are used in automation processes accessing AD and such.
|
|
|
|
|
Guy, I agree. The only possible implementation IMHO.
Slacker007 (reply below) shares a Netflix password with his wife. One day, the marriage is falling apart and one party subscribes to every single thing you can with that password, then leaves home just before the first bill comes, never to be seen again.
RandMan7557 (also reply below), shares passwords between devs & sysadmins. One day, the whole system is attacked because a digruntled staff member told his mate the hacker the password. Who's guilty? You'll never know.
|
|
|
|
|
if u want a total on premise solution you need to contact sales people of companies like last pass and give you a offer if they still sell it ...(if you have a proper it department and all) ... they could give you a quote for per user on premise license .. it could have ldap integration etc... another is hxxxps://www.roboform.com/business
xxx://psono.com/features-for-users
xxx://www.passbolt.com/pricing/pro
xxx://passwork.me/
xxx://passwork.pro/
xxx://pleasantsolutions.com/passwordserver/details/features
xxx://www.okta.com/products/single-sign-on/
Caveat Emptor.
"Progress doesn't come from early risers – progress is made by lazy men looking for easier ways to do things." Lazarus Long
modified 15-Dec-20 11:25am.
|
|
|
|
|
LastPass has some business offerings. My understanding is that there is one central corporate vault, but an admin controls who gets access to what so yes, passwords in essence can be "shared".
|
|
|
|
|
I was searching for a password manager days ago...
I ended with Keepass as it's local and it does all I need after I backupped it's database into my NAS.
I was in doubt with Bitwarden which seems to be the new password manager out there...
Open source, free and paid options, you can host it into your own server via docker...
Worth checking it.
|
|
|
|
|
It is better to not use passwords at all or at least use two-factor authentication. Look at the FIDO standard (U2F and FIDO2). You can use the Hideez Key device which is both a password manager and a FIDO key.
|
|
|
|
|
1Password is the best you can get for this kind of purpose
|
|
|
|
|
|
Simplest thing is just to use the last 8 digits of pi. That's always worked for me, and no one has ever guessed it.
|
|
|
|
|
Tried that with some added complexity using -eiπ, but it didn't work.
Wrong is evil and must be defeated. - Jeff Ello
Never stop dreaming - Freddie Kruger
|
|
|
|
|
I heartily recommend:
Thycotic Secret Server[^]
It has AD integration, cloud or on-prem, auto password changing for network accounts, encryption, and a lot more. (I am not affiliated with the company in any way, but we use this in at my place of business, numbering ~750 employees).
|
|
|
|
|
Shared passwords make the hair on the back of my neck stand up.
For some reason this quote springs to mind:
"Three people can keep a secret, but only if two of them are dead."
|
|
|
|
|
It was a decentralized surprise backup.
|
|
|
|
|
Well, that settle things then.
|
|
|
|