Educause Security Discussion mailing list archives
Re: Password managers
From: "Menne, Michael S" <michael.menne () MNSU EDU>
Date: Tue, 26 Mar 2019 18:01:47 +0000
We use Thycotic Secret Server internally for IT functions. It works fairly well, but I find it somewhat cumbersome and not intrusive enough for the average end user. I use LastPass for my personal accounts and now have over 100 accounts enrolled after using it for 2 years. Their mobile app has continued to improve. When I talk about intrusive enough, Thycotic doesn’t ask “do you want to save this password,” LastPass does for all web passwords through its browser plugins. My wife is a very non-technical user and has started to get the hang of LastPass without me showing her a lot about it. The Enterprise version of LastPass is able to sit side by side with a user’s personal account as if they were integrated. If/when a user leaves the organization, that part of their account is disabled and access removed from them.

Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone: (507) 389-5705
www.mnsu.edu/its/security

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Barton, Robert W." <bartonrt () LEWISU EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Monday, March 25, 2019 at 8:51 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Password managers

Morning,

We’ve been using Password Safe by Bruce Schneier (https://pwsafe.org) for individuals. It is open source, last updated in December, and has hooks for 2FA. We are looking at Password State for the enterprise level.

Robert W. Barton
Executive Director of Information Security and Policy
Lewis University
One University Parkway
Romeoville, IL 60446-2200
815-836-5663

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Patrick McElhinney
Sent: Monday, March 25, 2019 12:10 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password managers

Hi All,

We’re starting to do some exploratory work to see what end-user password managers are working well across the sector, and can work with our use cases with professional staff, students and research communities. Some of the solutions we’ve identified through Google searches include:

* LastPass
* Dashlane
* Password State
* Stashword
* Bit Warden
* Zoho
* StickyPassword
* RoboForm

We’re looking to hopefully integrate with Okta for SSO (SAML), and provide some kind of ability to on-board users if they already use a password safe, and off-board users gracefully when they cease being a student or member of staff, i.e. let them take their own secrets with them when they leave, and for us to hold on to University secrets. The solution also needs to be cost-effective.

Has anyone got any suggestions on what’s worked for them, and any other options not listed above that we should consider?

Many Thanks,
Patrick

PATRICK McELHINNEY | Senior Security Specialist
IT Services - Resources Division
Tel: +61 2 498 54156
Mobile: +61 437 680 105
Email: patrick.mcelhinney () newcastle edu au
The University of Newcastle (UON)
University Drive, Callaghan NSW 2308 Australia
Current thread:
- Password managers Patrick McElhinney (Mar 24)
- Re: Password managers Madl, Michael (Mar 25)
- Re: Password managers Jeff Borton (Mar 25)
- Re: Password managers Francisco Chavez (Mar 25)
- Re: Password managers Barton, Robert W. (Mar 25)
- <Possible follow-ups>
- Re: Password managers Menne, Michael S (Mar 26)
- Re: Password managers Patrick McElhinney (Mar 28)
- Re: Password managers Madl, Michael (Mar 25)