Educause Security Discussion mailing list archives

Re: Password managers


From: "Menne, Michael S" <michael.menne () MNSU EDU>
Date: Tue, 26 Mar 2019 18:01:47 +0000

We use Thycotic Secret Server internally for IT functions. It works fairly well, but I find it somewhat cumbersome and 
not intrusive enough for the average end user. I use LastPass for my personal accounts and now have over 100 accounts 
enrolled after using it for 2 years.  Their mobile app has continued to improve.

When I talk about intrusive enough, Thycotic doesn’t ask “do you want to save this password,” LastPass does for all web 
passwords through its browser plugins.  My wife is a very non-technical user and has started to get the hang of 
LastPass without me showing her a lot about it.

The Enterprise version of LastPass is able to sit side by side with a user’s personal account as if they were 
integrated.  If/when a user leaves the organization, that part of their account is disabled and access removed from 
them.


Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone:  (507) 389-5705
www.mnsu.edu/its/security


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Barton, Robert 
W." <bartonrt () LEWISU EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Monday, March 25, 2019 at 8:51 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Password managers

Morning,

We’ve been using Password Safe by Bruce Schneier (https://pwsafe.org) for individuals.  It is open source, last updated in December, and has hooks for 2FA.

We are looking at Password State for the enterprise level.

Robert W. Barton
Executive Director of Information Security and Policy
Lewis University
One University Parkway
Romeoville, IL  60446-2200
815-836-5663

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Patrick McElhinney
Sent: Monday, March 25, 2019 12:10 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password managers

Hi All,

We’re starting to do some exploratory work to see what end-user password managers are working well across the sector, 
and can work with our use cases with professional staff, students and research communities.  Some of the solutions 
we’ve identified through Google searches include:

  *   LastPass
  *   Dashlane
  *   Password State
  *   Stashword
  *   Bit Warden
  *   Zoho
  *   StickyPassword
  *   RoboForm

We’re looking to hopefully integrate with Okta for SSO (SAML), and provide some kind of ability to on-board users if 
they already use a password safe, and off-board users gracefully when they cease being a student or member of staff, 
i.e. let them take their own secrets with them when they leave, and for us to hold on to University secrets.

The solution also needs to be cost-effective.

Has anyone got any suggestions on what’s worked for them, and any other options not listed above that we should 
consider?

Many Thanks,  Patrick

PATRICK McELHINNEY | Senior Security Specialist
IT Services - Resources Division

Tel:         +61 2 498 54156
Mobile:   +61 437 680 105
Email:    patrick.mcelhinney () newcastle edu au

The University of Newcastle (UON)
University Drive, Callaghan NSW 2308 Australia


Ranked in the top 1% of universities in the world by
QS World University Rankings 2017/18

CRICOS Provider 00109J




