2
Possible Duplicate:
How do you keep track of all your passwords?
I was wondering what is considered best practice for storing and sharing passwords amongst a small (< 10) team that all use different operating systems (OS X, Windows, Ubuntu).
Toby
Posted 2011-03-22T11:23:21.527
Reputation: 679
1
Use Lastpass you can safely share passwords with others and its just a great tool to begin with.
Riguez
Posted 2011-03-22T11:23:21.527
Reputation: 3 594
That looks like it is just for web browsing? – Toby – 2011-03-22T11:28:44.080
@Toby You can use it to store passwords for local connections and it could also be used to store the password without a website just as an entry or they could be stored in a shared note. There is also an external application you can use to access the database offline and out of a browser. – Riguez – 2011-03-22T11:50:28.943
If you stored them as just normal entries then the built in sharing mechanism would not work you would have to give them access to the account they are stored in. In that case I would suggest using yubikeys for each person and a memorable password. – Riguez – 2011-03-22T11:51:56.943
By entries I mean you store them not associated to a website. You could put them in a Secure Note and share that though. The great thing about Lastpass is that it is really secure and stores your database online... they do not have access to it because it is encrypted client side and sent to them so don't lose your password. – Riguez – 2011-03-22T11:53:28.003
1
You could have a look at KeePass
Nils Magne Lunde
Posted 2011-03-22T11:23:21.527
Reputation: 2 154
Its called KeePass and it is a great solution especially combined with Dropbox to share the database I just prefer Lastpass because it has browser add-ons that auto-fill and save passwords. You also don't have to copy anything if using strictly for the web so its a like less likely to be intercepted. It already backs the database up online so no need for Dropbox and it has numerous options for multifactor authentication. – Riguez – 2011-03-22T12:03:01.440
0
In case team using GitHub probably, ssh-vault can help, if the team can share a ssh key, then this could be an option: https://ssh-vault.com/post/group-encryption/
nbari
Posted 2011-03-22T11:23:21.527
Reputation: 193
0
If you are storing passwords for things other than web , why dont you keep a spreadsheet with all the userids and passwords ?
You could use google docs for the purpose . Create a spreadsheet and share it with people in you team .All they have to do is login with their gmail ids and access all the stored passwords ( it also keeps a track of who made the last changes to the doc )
Shekhar
Posted 2011-03-22T11:23:21.527
Reputation: 4 815
That is not very secure most people leave themselves logged into their email accounts so anyone sitting down at the computer could see them. It could also be a problem if someone on the network hijacked the email session they would have access to the passwords for other things on the network. – Riguez – 2011-03-22T12:00:23.347
1@jb48394 i know its not a very safe solution , but then sharing passwords is not a very good practice to begin with ;) – Shekhar – 2011-03-22T12:10:15.933
Sharing passwords is a necessary evil, especially when dealing with third party vendors who will only allow company accounts. Two wrongs don't make a right though! – Toby – 2011-03-22T12:49:13.353
http://superuser.com/questions/255/how-do-you-keep-track-of-all-your-passwords – Sathyajith Bhat – 2011-03-22T11:39:19.893
4Surely best practice is not to do it - under Unix using sudo rather than root allows you to see who did what - also you can assign different users to Administrator under Windows – user151019 – 2011-03-22T12:03:02.457
I mean for things like shared accounts - like company logins for things. – Toby – 2011-03-22T12:31:04.887
1@Sathya - the difference between questions is one is personal password management, one is team, there are alot of other considerations when it has to span across a team. – Toby – 2011-03-22T12:46:23.963