We've talked about personal password management here, but how do you guys manage your passwords at a company-wide level?
13 Answers
I thought I'd report back after my week of searching...
I've settled on PassPack. I've been using it for a few days now for my personal passwords, and I'm a total fanboy.
They use the Host-Proof Hosting pattern, so the only one who can access your stuff is you, and if you forget your password they can't help you.
They have some nice offline apps written with Adobe AIR and Google Gears.
But, best of all, they fit my "enterprise" requirement because an upcoming release will support sharing within a trusted group.
Plus, I learned about The "Blog" of "Unnecessary" Quotation Marks in their forum.
- I'm also looking for a good password management system, but I can't trust a site that won't let me see their privacy policy or terms of service. I went as far as creating a packing key, but when it asked me to confirm that I've read and agreed to their terms of service/privacy policy, I tried clicking on the link. Each time it just logged me out and sent me to their login page. So either their programmers are incompetent, or the company has something to hide. I won't agree to a contract that I can't read, and I would advise others not to either. – Calvin May 01 '09 at 18:04
- It looks like @Calvin's concerns have since been addressed. – coreyward May 07 '12 at 20:15
We have managed to plan our company applications so they are mainly web based and open source or in-house developed. This then allowed us to use LDAP to hook into Active Directory for logging into our intranet. From there we modified the logins into various products we use (MediaWiki, Wordpress, SugarCRM etc.) so that if the user is authenticated in the intranet, they are automatically logged into these other products as well.
This has taken some time, setting up the process and creating a script to set all the appropriate user details in each system when someone joins the company; however, now we have a situation where everyone only has to remember one password, removing the need for managing a growing list of passwords.
Obviously this may not be viable in many companies, but now that we have it set up it was worth the effort.
- This is more of a "password architecture" solution than password management. This does not solve the need to share individual passwords for applications between two users (which cannot always be solved the "correct" way, e.g. for app DB accounts, admin accounts, etc.). – Aaron Hoffman Dec 14 '09 at 20:32
We are using the KeePass application with success. We create a file per project and/or per business domain. We share the password to the appropriate KeePass file between the people who should have access.
It's not the best solution. We also have Cyber-Ark software installed corporate-wide, but due to some strange configuration rules it does not work for us as well as the previous solution. It might also be related to the fact that we have an old version.
We use Password Agent: http://www.moonsoftware.com/pwagent.asp
It stores everything from PC admin logins to website logins and product keys for products we all use.
We maintain an in-house Lotus Notes database that stores absolutely everything from passwords to server change records. It is big, cumbersome, takes an age to load, and is generally not, uh, nice.
No, this is not a sane way to do it. :-|
We use Active Directory to store user credentials, and developed a custom library for desktop and web.
Obviously I'm biased because I work there, but we use Enterprise Random Password Manager from Lieberman Software. Yes, we do actually dogfood our own tool in our own network. It has some nice features, like web accessibility with delegation, scheduled operation with retry, propagation to other things using accounts (services, COM+ apps, etc.), system/account discovery, Linux/Unix account management, etc.
I'm sure a salesperson could give a better pitch, but that I am not. I'd encourage you to check it out. :)
For passwords related to my work, I store them in a plain unencrypted passwords.txt file in my user storage area on the main company file server. Normally, other people in the company can't read files in my user storage area, so there is little risk of exposure. However, if something were to happen to me, then all my passwords for company related activities would be trivially available to others inside the company - just ask MIS.
This is a very different security model than what I use for my personal passwords, of course.
- Could you elaborate on the personal security model? Put the passwords.txt into a VeraCrypt volume? – droid192 Jun 15 '17 at 10:35
- @ItsmeJulian: I use KeePass (and other compatible programs such as MacPass) for personal passwords. – Greg Hewgill Jun 15 '17 at 10:41
- Is there a measure of how to trust the source code, especially since GUIs are error-prone? – droid192 Jun 15 '17 at 10:42
Just a heads up: Microsoft has a product for managing credentials/passwords/identity across varied systems: Identity Lifecycle Manager.
My business friend advised me to check out Passwork (https://passwork.me). They use the self-hosted version on their own servers; I found out that Passwork also has a SaaS offering. So my colleagues and I store our company passwords in Passwork.
We had tried other enterprise password managers before but weren't able to trust them.
Secret Server is something that grew from an internal need (within our software company) to a viable product that is now used all over the world. It is web-based and allows you to store passwords and then securely share them with other users and groups (even AD users and groups). It is also able to actively reach out and change passwords on automatic schedules, even handling associated dependencies such as Windows Services for service accounts.
Enterprise Password Management (free 30-day trial).
- You say you hash user passwords with SHA512. That's not really great from a security POV, and doesn't give me a lot of faith in your product. – devicenull Mar 20 '12 at 18:19
- This product is bullsh*t; I tried it and it was not a good experience for me. – Jonathan Rioux Jun 12 '12 at 17:11
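The first comment above objects to storing user passwords as a single SHA512 hash. The following is an added example (not code from the product or from any answer on this page; the function names are my own) showing the difference in practice: an unsalted fast hash yields identical digests for identical passwords and can be tested at a very high rate, whereas a salted, iterated PBKDF2-HMAC-SHA512 record is unique per user and deliberately slow to check.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Constructed sample password used to compare the two storage schemes.
SAMPLE_PASSWORD = "correct horse battery staple"

def sha512_store(password: str) -> str:
    """Unsalted single SHA-512 (the scheme the comment objects to): equal
    passwords give equal digests, and each guess costs one cheap hash."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()

def pbkdf2_store(password: str, iterations: int = 600_000,
                 salt: Optional[bytes] = None) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA512; the record carries the algorithm,
    iteration count, salt and derived key needed to verify later."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha512${iterations}${salt.hex()}${dk.hex()}"

def pbkdf2_verify(password: str, record: str) -> bool:
    """Re-derive the key from the stored parameters and compare in constant
    time; a malformed record verifies as False instead of raising."""
    try:
        algo, iterations, salt_hex, dk_hex = record.split("$")
        if algo != "pbkdf2_sha512":
            return False
        candidate = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                                        bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))
    except ValueError:
        return False

def guesses_per_second(hash_fn, seconds: float = 0.2) -> float:
    """Rough rate at which someone holding the stored hashes could test
    candidate passwords with hash_fn on this machine (illustrative only)."""
    n, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        hash_fn(f"guess{n}")
        n += 1
    return n / (time.perf_counter() - start)

if __name__ == "__main__":
    print("PBKDF2 record:", pbkdf2_store(SAMPLE_PASSWORD))
    print(f"SHA-512 guesses/s: {guesses_per_second(sha512_store):,.0f}")
    print(f"PBKDF2 guesses/s:  {guesses_per_second(pbkdf2_store):,.0f}")
```

The two rates printed at the end differ by several orders of magnitude on ordinary hardware, which is the whole point of an iterated KDF over a bare hash.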
Use Apache Directory Server, which is an LDAP-standard implementation.
You can manage the directory database using Apache Directory Studio so it's quite user friendly (or at least, admin-friendly).
Then you can hook the directory programmatically to any application that requires access to the credentials. LDAP client libraries are widely available on popular programming platforms such as Java, C++, PHP, Ruby, etc.
We had a look at a product that had these features:
- Can give access privileges to passwords using roles.
- Handles delegation.
- Logs access to passwords.
- Can randomize passwords.
- Can automatically re-randomize a password X days after access to it.
Unfortunately, I couldn't remember its name when I posted this... It was "Secret Server".