State of the art multiuser password management for a small organization
June 29, 2017 11:04 AM Subscribe
I am working on a startup non-profit organization with about half a dozen team members. We need to get our password house in order. We have accounts at places like Squarespace, Mailchimp, Survey Monkey, Twitter, etc that multiple people need to access. Maintaining a list of login credentials in a Google Doc is not the right solution. What is?
We are mostly an Apple shop, but whatever system we put in place should also work for Android and Windows.
It would be nice to find a tool that doesn't interfere with whatever personal password solution each team members already uses (if any). For example, I use iCloud Keychain to manage my passwords; ideally that would continue to work as it has in the past, while this new team solution sits alongside it.
We don't need a ton of administrative features and control. People can manage their own e-mail account passwords and stuff like that. What we need is a way to give selected individuals access to certain shared passwords, and then potentially take that access away if the individual leaves the organization.
LastPass Teams looks pretty good. Does it work well in practice, and does the company have a good track record? What other options should I look at?
In addition to pointers to tools, I'd also welcome any advice and general principals to keep in mind.
I've looked at thisprevious question, but it's several years old and I expect some things have changed since then.
Thanks in advance.
We are mostly an Apple shop, but whatever system we put in place should also work for Android and Windows.
It would be nice to find a tool that doesn't interfere with whatever personal password solution each team members already uses (if any). For example, I use iCloud Keychain to manage my passwords; ideally that would continue to work as it has in the past, while this new team solution sits alongside it.
We don't need a ton of administrative features and control. People can manage their own e-mail account passwords and stuff like that. What we need is a way to give selected individuals access to certain shared passwords, and then potentially take that access away if the individual leaves the organization.
LastPass Teams looks pretty good. Does it work well in practice, and does the company have a good track record? What other options should I look at?
In addition to pointers to tools, I'd also welcome any advice and general principals to keep in mind.
I've looked at this
Thanks in advance.
My old team - 13 folks on various platforms with widely varying levels of tech-savvy - used LastPass for our 400+ logins. It worked very well, if not entirely seamlessly. Most problems were either due to user error on our end or some websites that just didn't play well with LastPass' auto-login feature in some way. I would still recommend it, though, as it was such a vast improvement over our shared spreadsheet system. (Caveat: we were using the Enterprise version. I don't know if Teams has less support or functionality.)
posted by minervous at 11:12 AM on June 29, 2017
posted by minervous at 11:12 AM on June 29, 2017
I've got a team of a few people all using 1Password. Rates are reasonable and people can decide to use it for personal stuff as well as work stuff if they want. We share our info via Dropbox (not best security but not terrible) and once it's set up it's very very simple to use. Extra bonus is storing the work credit card in there.
posted by jessamyn at 11:16 AM on June 29, 2017
posted by jessamyn at 11:16 AM on June 29, 2017
+1 for 1Password. Frankly, I'd +100 if I could. I use it for my personal life and it is an incredibly well-designed and stable piece of software that has yet to fail me, and it is now hard for me to understand how I lived without it. I have so many logins stored in there now (in addition to credit cards, SSNs, WiFi passwords, and God knows what else) that I am often pleasantly surprised by the fact that some little-used account is stored in there.
I can't speak to the quality of their cloud services, but, judging by the quality of their software, I'm sure it's nothing less than excellent. If you still feel wonky about it, though, you could get a copy of the software for each user and share the vault file via Dropbox or (if you all have Macs) iCloud. For my personal use, my vault is shared over iCloud between my Mac and iPhone (their iOS app is great and has TouchID support!).
Obviously, I'm a 1Password fan, but I have heard good things about LastPass, despite their security faux pas in the past. The university where I work has just adopted it on an enterprise level, and they are very stringent about their software requirements - they wouldn't adopt the Google Suite for Enterprise because they didn't feel that the encryption was strong enough.
posted by amohield at 12:03 PM on June 29, 2017 [1 favorite]
I can't speak to the quality of their cloud services, but, judging by the quality of their software, I'm sure it's nothing less than excellent. If you still feel wonky about it, though, you could get a copy of the software for each user and share the vault file via Dropbox or (if you all have Macs) iCloud. For my personal use, my vault is shared over iCloud between my Mac and iPhone (their iOS app is great and has TouchID support!).
Obviously, I'm a 1Password fan, but I have heard good things about LastPass, despite their security faux pas in the past. The university where I work has just adopted it on an enterprise level, and they are very stringent about their software requirements - they wouldn't adopt the Google Suite for Enterprise because they didn't feel that the encryption was strong enough.
posted by amohield at 12:03 PM on June 29, 2017 [1 favorite]
KeePassXC is what I use. It has a price a business can love (free) and it reads/writes to a single file, KDBX, which is itself password protected and which you share on your network. The trick is to not have multiple people keeping it open at the same time, because that leads to the risk of someone saving an out-of-date copy of the program.
KeePassXC is a fork of KeePass (which is also current and active; I used it until very recently), and both have an excellent pw generator, and can do auto-typing, and can be used on multiple platforms including mobile platforms.
posted by Sunburnt at 12:41 PM on June 29, 2017
KeePassXC is a fork of KeePass (which is also current and active; I used it until very recently), and both have an excellent pw generator, and can do auto-typing, and can be used on multiple platforms including mobile platforms.
posted by Sunburnt at 12:41 PM on June 29, 2017
I used 1Password for my last job and found it to be clunkier to use than LastPass.
posted by gregr at 2:46 PM on June 29, 2017
posted by gregr at 2:46 PM on June 29, 2017
A previous employer started leaning towards DashLane, partly for the sharing passwords feature.
posted by Phredward at 4:16 PM on June 29, 2017
posted by Phredward at 4:16 PM on June 29, 2017
KeePass
In our organization we use KeePass for stored shared passwords with the KeeWeb frontend.
keeweb
posted by nickggully at 6:49 PM on June 29, 2017
In our organization we use KeePass for stored shared passwords with the KeeWeb frontend.
keeweb
posted by nickggully at 6:49 PM on June 29, 2017
Another vote for 1Password. You can have multiple "vaults" of passwords and can share individual vaults with different people. For instance, I've put all the passwords related to household stuff in a vault I share with my wife. The company constantly issues updates to stay on top of security bugs.
1Password also has a team edition that lets you do fancy stuff like revoke access; it's offered on a software-rental model, unlike the normal version, which you just buy.
posted by adamrice at 9:18 PM on June 29, 2017 [1 favorite]
1Password also has a team edition that lets you do fancy stuff like revoke access; it's offered on a software-rental model, unlike the normal version, which you just buy.
posted by adamrice at 9:18 PM on June 29, 2017 [1 favorite]
Response by poster: I have a follow-up question, in case anyone is still here:
I installed 1password, and it works great except that it asks for my master password too often. I would like it to work the way iCloud password manager works: if I've successfully logged into my user account on my Mac, I should have access to my passwords. I would like to enter my master password at most once.
I see that 1Password lets you set a timeout for your master password validity. Unfortunately, if I switch to a different account on my Mac and then back again, I need to reenter my master password. This is a pain.
Is there any way to tell it not to bug me about this? I have created a very long master password for security reasons, and I don't like to have to type it all the time. I guess I could switch to a shorter, less secure master password but I'd rather not do that.
posted by Winnie the Proust at 7:20 AM on September 7, 2017
I installed 1password, and it works great except that it asks for my master password too often. I would like it to work the way iCloud password manager works: if I've successfully logged into my user account on my Mac, I should have access to my passwords. I would like to enter my master password at most once.
I see that 1Password lets you set a timeout for your master password validity. Unfortunately, if I switch to a different account on my Mac and then back again, I need to reenter my master password. This is a pain.
Is there any way to tell it not to bug me about this? I have created a very long master password for security reasons, and I don't like to have to type it all the time. I guess I could switch to a shorter, less secure master password but I'd rather not do that.
posted by Winnie the Proust at 7:20 AM on September 7, 2017
You seem to be asking for ways to make 1Password less secure, but don't want to pick a shorter password that would leave it less secure.
The closest thing I can think of is changing the "auto lock" settings in the preferences (under the Security tab). But I don't think there's a way to change user accounts back and forth without locking 1Password.
posted by adamrice at 2:33 PM on September 7, 2017
The closest thing I can think of is changing the "auto lock" settings in the preferences (under the Security tab). But I don't think there's a way to change user accounts back and forth without locking 1Password.
posted by adamrice at 2:33 PM on September 7, 2017
This thread is closed to new comments.
posted by meta87 at 11:10 AM on June 29, 2017