What do you use for password management?

Jun 29, 2016
We have several clients, locations and service techs.

We are running into a situation where we need to keep all the passwords in one place and have them be accessible to the service techs when they are on-site.

Right now we are using Google Docs and pretty generic passwords.

Trying to see what people in the industry are using for password management?
 
Brain :)
 
Yeah, we need people in the field to be able to pull the password to the video server and not just website.

- - - Updated - - -

How would it work with the field techs? Do they have a way to integrate into Android or iPhones?

We have techs who go on site and need to log into the server when they are on-site.
 
I use Ilium Software's eWallet

They have client software for most platforms, and can keep them all in sync with a cloud wallet on Dropbox.
 
LastPass. You can set it up with 2 factor authentication with Duo Security (also free), and you can set it up so that if an unrecognized device tries to access your LastPass account it requires an email authorization before continuing to the 2 factor. You can set your workstation and smart phone to be "trusted" devices that do not require the 2 factor authentication to log in; you can even have those trusted devices save your master password, but that is a huge security risk. Typing in the master password each time you open LastPass has 2 benefits: first, you have to type the master password frequently so you won't forget it, and second, if someone gets control of your workstation/smart phone they don't have full access to your digital life.

Like most things in this world LastPass got compromised last year or something, I don't remember when, and accounts using 2 factor authentication weren't accessible because of the 2 factor authentication. The password list you have in LastPass is cloud based, which means that if you lose your phone or workstation you can still log in from any internet connected device and access all your passwords via a web browser. LastPass is free or $12 a year if you want to support them and get the smart phone app to use.

While LastPass is designed as a webpage password manager you can easily store non-web based passwords in it. You can also install the LastPass Google Chrome plugin, which will automatically populate usernames and passwords for most websites when you visit them. LastPass can also automatically change passwords on some major websites (e.g. Amazon) so you don't have to go through the manual process of doing so.

LastPass has a security audit type feature that checks all your stored passwords for simplicity and duplicate use and gives you a report to help you choose unique complex passwords for all websites. This way, if Target gets hacked and your password there is compromised, it doesn't matter since Target was the only place that password was used. LastPass is an excellent service that I have been very happy with. I recommend it strongly.
 
Another excellent aspect of LastPass is that you can create a shared password folder in your LastPass account and share it with other LastPass users. So you could have your email, banking, etc. passwords stored in LastPass and accessible only by you, but you could also create a shared folder, share it with your service techs, and any passwords you put in that folder would be visible on their LastPass logins. You can even control whether the techs can see the passwords or just have the Google Chrome plugin pass them through to the webpages to log in. So you could have your LastPass account share passwords with your spouse that they would need access to, like bank accounts and mortgages.
 
If you prefer a more advanced in-house solution you can look at Thycotic Secret Server. It too can be set up with 2 factor authentication with Duo Security and is a web based corporate password manager. You could publish it on the open internet, but I would suggest instead that it be kept behind the corporate firewall and accessed via a VPN. If you want it to be secure yet accessible on the open internet, look into X.509 security certificates. You can create a security cert for each tech or each device, which allows you to revoke that specific cert should the tech leave the company.
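
The per-tech certificate idea from the last reply, as an added example that is not part of the original thread: a throwaway CA issues one client certificate per technician, revokes one, and shows that a check enforcing the CRL then rejects only that certificate. The CA name, technician names and file names are constructed for illustration, and the OpenSSL command-line tool is assumed to be installed.

```bash
# Added example: one client cert per technician, revocable (constructed names).
set -eu
cd "$(mktemp -d)"                       # throwaway working directory
: > index.txt; echo 1000 > serial; echo 1000 > crlnumber; mkdir newcerts
cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
crlnumber = crlnumber
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 365
default_crl_days = 7
policy = policy_any
x509_extensions = client_ext
[ policy_any ]
commonName = supplied
[ client_ext ]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
  -days 3650 -config ca.cnf -extensions v3_ca -subj "/CN=Demo Vault CA" 2>/dev/null
issue() {    # $1 = technician or device name: own key pair, own certificate
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -config ca.cnf -subj "/CN=$1" 2>/dev/null
  openssl ca -batch -config ca.cnf -in "$1.csr" -out "$1.crt" 2>/dev/null
}
revoke() {   # mark one certificate revoked, then publish a fresh CRL
  openssl ca -config ca.cnf -revoke "$1.crt" 2>/dev/null
  openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null
}
check() {    # decision a verifier that enforces the CRL would reach
  if openssl verify -CAfile ca.crt -CRLfile ca.crl -crl_check "$1.crt" \
       >/dev/null 2>&1; then echo accepted; else echo rejected; fi
}
issue tech-alice; issue tech-bob; revoke tech-alice   # Alice has left
echo "tech-alice: $(check tech-alice), tech-bob: $(check tech-bob)"
```

Revocation only takes effect where the server fronting the password manager loads the current CRL and checks client certificates against it. Outside a demo, the CA key would be passphrase-protected and kept off the server.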