What's a good way to share passwords with a team?
January 20, 2012 2:51 PM   Subscribe

What's a good way to share passwords among members of a team?

A few days ago, my Twitter account was hijacked. I accidentally clicked on a link I shouldn't have and voila, instant DMs to all may followers soon came after. As you would no doubt guess, much hilarity ensued.

I've changed my Twitter password to something much stronger, so that's taken care of. A good friend of mine who is also a security analyst recommended I check out a password protection application like 1Password or KeePass.

While I'm considering both for myself, that got me thinking. Right now, various members of the team I manage share various passwords using a locked spreadsheet. Obviously, this isn't sustainable since I've heard they can be cracked. I'd like to switch to something a little more appropriate as a password vault. Here are our rather simple requirements:
  • More secure
  • Easy to use
  • Multi-platform (primarily Win7, some Mac, Android, iOS)
  • Cheap-ish or free
Any ideas? Recommendations?
posted by zooropa to Computers & Internet (9 answers total) 5 users marked this as a favorite
 
Our company uses LastPass to share passwords and has been very happy with it.
posted by warble at 3:04 PM on January 20, 2012 [3 favorites]


Use a password bookmarklet like this one and share the master password.
posted by kindall at 3:10 PM on January 20, 2012 [1 favorite]


passwordsafe.
posted by rmd1023 at 3:14 PM on January 20, 2012


As a team, we manage dozens of accounts on behalf of clients, and we share creds via Google Docs. The way to manage security is to change the password to Google Docs regularly. We also grant access to certain classes of passwords (Twitter versus, say, Adwords) to teammembers on a need-to-know basis.
posted by KokuRyu at 3:30 PM on January 20, 2012


LastPass Enterprise is great, and much cheaper than it sounds.
posted by maxim0512 at 3:32 PM on January 20, 2012


We use password safe, and it works well.
posted by routergirl at 3:33 PM on January 20, 2012


Two people can keep a secret if one of them is dead.

I am old school but I was always taught never share pass words no way no how and have never seen that superseded. If you want a group account and a shared password I am certain the gurus (I am not one) are going to tell you to do it another (possibly more expensive or laborious) way.

The thing is group membership changes. To this day I can RSS into an org/co I haven't been involved with for three years with an old (they presume) forgotten group account. You really probably do not want this.
posted by bukvich at 7:57 PM on January 20, 2012 [2 favorites]


Bukvich's anecdote is also the reason you cannot share a password 'formula' or recipe, and should have a "when a member leaves the organization, we do this" plan in advance.
posted by rokusan at 8:40 PM on January 20, 2012


Unfortunately, there are some shared passwords that are unavoidable -- root accounts, router enable secrets, etc. A schedule for periodic password changes (for example, I believe PCI requires this quarterly, but I'm not sure about that) helps reduce the chance that an exposed password will get out there. The best way I've used to handle the password change is that the new passwords are generated randomly (passwordsafe will do this for you), and managers are each given a separate passwordsafe file for the passwords that their group controls. They pass this out to their staff. Everyone can have their own copy of the password file that is security with their own master password, so you don't have a common file sitting around on a shared drive with a known group password. If the laptop or portable storage device that has the password safe file on it is lost/stolen, you don't have to immeidately change all passwords. And because you're already doing regular password changes, you have a process in place for changing passwords after people leave and at worst, you'll change it when they've been gone just a few months.
posted by rmd1023 at 7:58 AM on January 21, 2012


« Older Charging A-head: How Much for Language Training...   |   Doc recommendations in San Diego Newer »
This thread is closed to new comments.