Yashy asked:

Password managers?

Hi guys

In our IT department, we would like to be able to better store our network passwords somewhere. At the moment, they're in a password-protected document.

Is this how you guys do it? Are there password managers that are much better to use and something you guys have come across?

Cheers
Yashy
Firstcom

We use Password Safe, which is open source as well. It can be found here... http://pwsafe.org/
We use LastPass. The phone app is nice too.
I use and recommend RoboForm2Go. But a business may want to look into CyberArk.

The reason I like RoboForm2Go is that it stays with me on my stick. I have a subscription to RoboForm Everywhere (where it stores passwords on the web with double encryption), but I only use it to sync my passwords with my phone and iPad, then I delete all passwords stored on the cloud.
Another vote for KeePass.
LastPass lets you share logins without sharing passwords, lets you do groups and revocation, and prestage shared passwords and notes (for things like procedures instead of just plain passwords).
I've used Dashlane and PasswordBox as well. Both have their pros/cons. For instance, the reason I have PasswordBox at all is because they bought out Legacy Locker, which is now incorporated into the manager as "Legacy". It is a way to share passwords in case of your death. What happens to your passwords (especially if you are like me and have literally hundreds) and identities and online profiles? Legacy lets you designate someone who will receive that information when they can produce a death certificate (among other things). The biggest problem for me is that it seems like it is storing the passwords in the cloud (since it is basically a browser plugin). But it has passwords, wallet, safe notes, sharing, legacy, and a generator.

Dashlane is another option. I was an original beta tester for this one and do like it; one of the biggest pros is that it will notify you if there are breaches well in advance of anyplace else. It also has a great security manager which rates your passwords and helps you make them better. It will tell you which ones are used more than once and how many times, as well as telling you which passwords are bad/poor/okay/good/better/best (I may not have gotten the categories exactly correct, but you get the idea).

While PasswordBox's import facility for RoboForm passwords and safenotes worked fairly well, Dashlane has a few problems with the same import.
Slightly off topic: Do be aware that using a password manager doesn't remove the threats of keystroke loggers, screen captures or RAM sniffers stealing passwords.
My vote goes for KeePass:

It plugs in with PuTTY, so you can open a PuTTY session directly from KeePass, as well as websites and RDP sessions. Very handy.

It's portable, so good for out of hours support personnel.

We use it at work as our main systems DB as well (kind of a CMDB), not just to keep passwords.
I use LastPass with a YubiKey; this way I have 2-factor authentication.
If I was to trust any password keeper it would be KeePass.
Security expert Steve Gibson has evaluated many password managers and so did the USENIX security team, and LastPass is the one he uses. LastPass fixed the vulnerabilities that the security researchers found. KeePass wasn't even mentioned.

https://www.grc.com/sn/sn-467.pdf
https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-li-zhiwei.pdf
The USENIX evaluation was on web-based password managers. KeePass isn't web-based. The KeePass application is local while the database can be anywhere else that the app can access.
KeePass has certificate and password security, therefore 2-factor authentication.
Here's another vote for KeePass.
Yashy (ASKER)

Hey guys,

Thanks for your input and help on this. Sounds like KeePass is getting the vote here.

Thank you Thomas Zucker-Scharff for your input regarding Dashlane and PasswordBox, and David Johnson also. I greatly appreciate the feedback.
We also use KeePass. It's very simple to use. Just place the kdbx file on a share where everyone in the IT department has access.