Pass the password app, please
June 12, 2012 2:28 PM Subscribe
How does our small company need to manage our passwords?
We are a small web development firm that manages about 30 websites at a time, plus various google and other accounts. On occasion, someone from the team has to be let go and the rest of us spend that afternoon frantically changing passwords and just hoping that we didn't forget anything.
My boss just asked me if I could find some sort of application or service where he could enter all of the passwords and give us each a password to that system. Then we could log in, hit a link to a particular password and have it log in for us automatically (so that we never see the password). Neither he nor I are sure that something like this exists but we thought it might be worth a shot to ask.
Barring the existence of such a system, I think we need at least an online system that will keep track of our passwords for us. What is your favorite?
We are a small web development firm that manages about 30 websites at a time, plus various google and other accounts. On occasion, someone from the team has to be let go and the rest of us spend that afternoon frantically changing passwords and just hoping that we didn't forget anything.
My boss just asked me if I could find some sort of application or service where he could enter all of the passwords and give us each a password to that system. Then we could log in, hit a link to a particular password and have it log in for us automatically (so that we never see the password). Neither he nor I are sure that something like this exists but we thought it might be worth a shot to ask.
Barring the existence of such a system, I think we need at least an online system that will keep track of our passwords for us. What is your favorite?
Response by poster: thank you! Search was down when I posted it and I was impatient.
posted by dawkins_7 at 2:37 PM on June 12, 2012
posted by dawkins_7 at 2:37 PM on June 12, 2012
I didn't search, but checked the "passwords" tag. Sorry I don't have any more substantial input.
posted by filthy light thief at 2:42 PM on June 12, 2012
posted by filthy light thief at 2:42 PM on June 12, 2012
I came here to suggest LastPass.
posted by wandering_not_lost at 3:25 PM on June 12, 2012
posted by wandering_not_lost at 3:25 PM on June 12, 2012
If you want a proven solution used by big companies, Cyber-Ark is the default answer.
posted by TheNewWazoo at 3:52 PM on June 12, 2012
posted by TheNewWazoo at 3:52 PM on June 12, 2012
Questions:
How are you accessing these websites? Via web interfaces? SSH? Other means? What tools/applications/platforms are you using to access?
Is everyone accessing all sites?
Is access from anywhere on the internet, or can you limit access to specific IP addresses?
How do you manage the remote accounts/access? What if you fire a disgruntled employee, and he made a copy of the password file before he left? How would you handle that?
How are you logging access to all of these different sites? Can you tell who logged in, when, and where?
posted by swngnmonk at 4:06 PM on June 12, 2012
How are you accessing these websites? Via web interfaces? SSH? Other means? What tools/applications/platforms are you using to access?
Is everyone accessing all sites?
Is access from anywhere on the internet, or can you limit access to specific IP addresses?
How do you manage the remote accounts/access? What if you fire a disgruntled employee, and he made a copy of the password file before he left? How would you handle that?
How are you logging access to all of these different sites? Can you tell who logged in, when, and where?
posted by swngnmonk at 4:06 PM on June 12, 2012
Cyber-Ark. We use it to manage hundreds of logical infrastructures, tens of thousands of devices with hundreds of employees with access to all of them.
Cyber-Ark + combination of other stuff (we use RSA+SecureACS+Opsware/SA/NA).
posted by iamabot at 4:14 PM on June 12, 2012
Cyber-Ark + combination of other stuff (we use RSA+SecureACS+Opsware/SA/NA).
posted by iamabot at 4:14 PM on June 12, 2012
You're really talking more about something like Opsware which will basically proxy everything to the managed system for you and is an automation platform, getting the users out of the path.
posted by iamabot at 4:15 PM on June 12, 2012
posted by iamabot at 4:15 PM on June 12, 2012
Best answer: You should also be keeping a physical list, not of the passwords themselves but of all the places in which a password is needed for access. Then, should your online password system fail, you'll have that list available so you no longer "just hope we didn't forget anything."
posted by DisreputableDog at 8:59 PM on June 12, 2012
posted by DisreputableDog at 8:59 PM on June 12, 2012
We use Passpack where I work, if, for some reason, you want an alternative to the above. It's always been good to us.
posted by mumkin at 10:50 PM on June 12, 2012
posted by mumkin at 10:50 PM on June 12, 2012
Response by poster: Thanks everyone - it does look like LastPass will work. I've passed the info to my boss - we'll see what he says!
posted by dawkins_7 at 9:34 PM on July 15, 2012
posted by dawkins_7 at 9:34 PM on July 15, 2012
« Older I need an affordable iPod dock that travels well.... | Cipralex/Mental Health Professional and Client... Newer »
This thread is closed to new comments.
posted by filthy light thief at 2:34 PM on June 12, 2012