At my workplace we used to keep all the passwords for our servers in a spreadsheet (Bad Idea). Luckily we managed to persuade management to change to KeePass, where they are encrypted.

I’m looking for something more advanced now though, preferably with multiple user levels, e.g. different techs only getting the passwords they need.

What do you use for password management?

David S.

@LastPass

10 Spice ups

I’d be interested in this also.

Especially if it had robust multiple access levels and authentication methods.

Be nice if it had a ‘break the glass’ function too.

Manager X can elevate his access to level Y in an emergency, but this then trips alerts and/or other actions.

I know that last is a lot to ask - since it just occurred to me 5 seconds ago.

3 Spice ups

I’ve got a small group using LastPass, which has gone fairly well, and I believe would hit your points. For everyone else (since LP is paid), KeePass.

1 Spice up

I am interested in this too.

LastPass would do exactly what you want.

3 Spice ups

Make your servers 2 factor authentication capable. Put your admins in groups for “their” servers. Issue them all smart cards and readers. Now, for them to manage a server, they have to have a smartcard, and they only have to remember one password: the one to unlock their card. Specify that it must be longer than 4 chars; that provides enough deterrent for most servers and is a great way to start tightening up an environment.

Just downloaded it, works great. Thanks.

I’ll second LastPass.

If you set up Shared Folders you can grant access to specific users or groups.

You can force 2 factor authentication for getting into LP.

@Robert, that’s a pretty radical idea but I like it. Not sure it would be good in practice, but in theory it sounds useful.

We’ve been using TrueCrypt to encrypt a spreadsheet.

I’m also facing a similar situation.

These are some good answers.

I like the look of LastPass, but that is a fair amount of money for each user. Funding from management is like blood from a stone :wink:

Secret Server

PasswordState

LastPass

Or, if you like KeePass but want the ability to set access rights, look at Pleasant Password Server.

Keep in mind Excel can do AES encryption, so whilst it’s less than ideal it’s not quite as bad as it used to be, least I assume not.

1 Spice up

Thanks for mentioning LastPass, guys :slight_smile:

David - I’m the green gal for LastPass and would be happy to address any questions - there are discounts for having more licenses, plus LastPass Enterprise is one cost for both SSO and password vaulting. Users get the same great LastPass experience but admins have robust sharing, security and reporting capabilities. Happy to drill down into specific questions if we might be of help, regardless of where your decision takes you.

2 Spice ups

Even at list price it’s only $2 per month per user. For the increased security and reduced workload, that’s tough to beat. I only have it for our admins, though, not for regular users.

1 Spice up

Amber,

We are in a trial period with LastPass. I have a question about admin passwords and how to prevent an admin from changing their password within a cloud solution. Do you have any advice?

Hi Tony: If you mean the master password, the admins never know it and we currently don’t have a policy to disallow changing it. If you mean a site password for an online account, this is at the site level, so not something we can directly control. Reporting in LastPass does help you know who last accessed what while using LastPass, so in that way it could help with accountability, but it cannot prevent an account change from being made on the site. Does that help? If you can clarify further on the scenario, happy to address further questions.

1 Spice up

I use LastPass at home and on my cellular. Works very well. Waiting for full iOS integration, but knowing Apple, it won’t happen. At work it’s all in my head, which so far hasn’t been an issue.

I love KeePass and it’s free. I even wrote a how-to on how to create a shared DB:

http://community.spiceworks.com/how_to/show/33119-how-to-create-a-synchronized-secure-password-database-with-keepass-professional-and-a-service-such-as-dropbox-box-google-drive-or-local-network-share

Hi Amber. If I have users who today are using admin credentials with a cloud provider (SalesForce, HubSpot, etc…), I can prevent the (admin) user from knowing and seeing the password using LastPass. However, how do I prevent them from clicking on the forgot password link, receiving an email and resetting the admin password? Now, our system admins will not know the admin password.

Thanks…

1 Spice up

Passwordstate