Join 3,372 readers in helping fund MetaFilter (Hide)


Pass the password app, please
June 12, 2012 2:28 PM   Subscribe

How does our small company need to manage our passwords?

We are a small web development firm that manages about 30 websites at a time, plus various google and other accounts. On occasion, someone from the team has to be let go and the rest of us spend that afternoon frantically changing passwords and just hoping that we didn't forget anything.

My boss just asked me if I could find some sort of application or service where he could enter all of the passwords and give us each a password to that system. Then we could log in, hit a link to a particular password and have it log in for us automatically (so that we never see the password). Neither he nor I are sure that something like this exists but we thought it might be worth a shot to ask.

Barring the existence of such a system, I think we need at least an online system that will keep track of our passwords for us. What is your favorite?
posted by dawkins_7 to Technology (12 answers total) 7 users marked this as a favorite
 
Here's a previous question with a number of suggestions. I'm not sure if any provide your best-case scenario (log into password bank, hit a link, get logged into that service), but the question was about sharing passwords with a team.
posted by filthy light thief at 2:34 PM on June 12, 2012


thank you! Search was down when I posted it and I was impatient.
posted by dawkins_7 at 2:37 PM on June 12, 2012


I didn't search, but checked the "passwords" tag. Sorry I don't have any more substantial input.
posted by filthy light thief at 2:42 PM on June 12, 2012


LastPass will do exactly this.
posted by tcv at 3:04 PM on June 12, 2012 [1 favorite]


I came here to suggest LastPass.
posted by wandering_not_lost at 3:25 PM on June 12, 2012


If you want a proven solution used by big companies, Cyber-Ark is the default answer.
posted by TheNewWazoo at 3:52 PM on June 12, 2012


Questions:

How are you accessing these websites? Via web interfaces? SSH? Other means? What tools/applications/platforms are you using to access?

Is everyone accessing all sites?

Is access from anywhere on the internet, or can you limit access to specific IP addresses?

How do you manage the remote accounts/access? What if you fire a disgruntled employee, and he made a copy of the password file before he left? How would you handle that?

How are you logging access to all of these different sites? Can you tell who logged in, when, and where?
posted by swngnmonk at 4:06 PM on June 12, 2012


Cyber-Ark. We use it to manage hundreds of logical infrastructures, tens of thousands of devices with hundreds of employees with access to all of them.


Cyber-Ark + combination of other stuff (we use RSA+SecureACS+Opsware/SA/NA).
posted by iamabot at 4:14 PM on June 12, 2012


You're really talking more about something like Opsware which will basically proxy everything to the managed system for you and is an automation platform, getting the users out of the path.
posted by iamabot at 4:15 PM on June 12, 2012


You should also be keeping a physical list, not of the passwords themselves but of all the places in which a password is needed for access. Then, should your online password system fail, you'll have that list available so you no longer "just hope we didn't forget anything."
posted by DisreputableDog at 8:59 PM on June 12, 2012


We use Passpack where I work, if, for some reason, you want an alternative to the above. It's always been good to us.
posted by mumkin at 10:50 PM on June 12, 2012


Thanks everyone - it does look like LastPass will work. I've passed the info to my boss - we'll see what he says!
posted by dawkins_7 at 9:34 PM on July 15, 2012


« Older I need a portable iPod all-in-...   |  I stopped taking my Cipralex a... Newer »
This thread is closed to new comments.