I use KeePass v2 in a different configuration as I've different needs. But I know that this software has plug-ins to support all other features you mentioned. Can't comment on this last feature as I don't understand what you mean by that.

"I'm not sure having the password manager authenticate and unlock at user log in is the best option."

How do you define best option? How do your peers define best option? I agree with your peers that a password manager is necessary. I agree with your concerns that such a password manager configuration isn't the best option, regardless how you define best option in that context. My concerns are about impacts of security issues when using in such a configuration. I assume that when dropping autocomplete, security impacts might be reduced. Don't know if partial autocomplete might be configured too.

In layman's terms my boss is wanting our users to be able to log into Windows and the password vault/manager/thingy will unlock at log in as well. After which they'll be able to have the browser plugin for said password vault/manager/thingy auto complete their credentials. This bossman is hoping to have our users only remember one password and also only have to enter it once. Users, but they are very computer illiterate.

As far as the "best option" remark, I was just voicing a personal frustration I guess. I personally don't think it's necessary and we're essentially just making our security a single point of failure system by having everything unlock with just one credential. Basically single sign on (I guess?). Having the user log into Windows and also having the password manager unlock at the same time as well is the desired outcome in our use case. My terminology probably is not where it should be, I'm basically a hobbyist who got lucky in being hired into an IT position.

OK, Passwordstate can definitely do single sign on, we have ours doing this with our O365 credentials, I expect it should also be able to do it with AD if required. HOWEVER as others have said, doing this alone is very very insecure, you'd be as well just enabling guest access to everything, or using a shared unprotected spreadsheet. There is a balance to be found between ease of use and security, and doing what you're suggesting is too far towards ease of use.

As I said, we use SSO for Passwordstate, but we have that backed up with MFA, so although the initial sign on is automatic via the users' AD / Azure credentials, there is a secondary OTP using Google Authenticator on mobile phones which needs to be entered, and the session times out after 15 minutes. Users need to understand the importance of security. These are the keys to the kingdom you're storing, don't leave them hanging outside the front gate.

I understand that you feel (some) frustration with this as security might be in jeopardy. Somehow management should be at least aware of that. Telling them this (explaining them and making sure they understand) also is best for you if the whole thing comes tumbling down.
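The Passwordstate-style setup described in the thread (SSO for identity, a Google Authenticator OTP as a second factor, and a 15-minute session timeout) can be modelled as an access policy. The code below is an added illustration, not from the thread or from any password manager product; the secret, user names and clock values are constructed for the demo, and the TOTP routine follows RFC 6238 (HMAC-SHA1, 30-second steps), which is the scheme Google Authenticator implements.

```python
import hmac
import hashlib
import struct
import time
from typing import Optional

# Constructed demo secret (the RFC 6238 test-vector key), not a real credential.
DEMO_SECRET = b"12345678901234567890"
SESSION_TTL = 15 * 60  # the 15-minute timeout mentioned in the thread, in seconds


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP code for the 30-second window containing `now`."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class VaultGate:
    """Unlock policy: an SSO identity alone never opens the vault; a valid OTP
    is required, and an open session expires after SESSION_TTL idle seconds."""

    def __init__(self, secret: bytes, clock=time.time):
        self.secret = secret
        self.clock = clock          # injectable so the timeout can be exercised
        self.sessions = {}          # user -> timestamp of last activity

    def unlock(self, sso_user: Optional[str], otp: Optional[str]) -> bool:
        if not sso_user or otp is None:
            # Missing SSO assertion, or the SSO-only "one credential" setup:
            # the single point of failure the thread warns about.
            return False
        now = int(self.clock())
        # Accept the current step and the previous one to tolerate clock skew.
        valid = (totp(self.secret, now), totp(self.secret, now - 30))
        if not any(hmac.compare_digest(otp, v) for v in valid):
            return False
        self.sessions[sso_user] = now
        return True

    def is_open(self, sso_user: str) -> bool:
        """True only while the session is inside the idle timeout; refreshes it."""
        last = self.sessions.get(sso_user)
        now = int(self.clock())
        if last is None or now - last > SESSION_TTL:
            self.sessions.pop(sso_user, None)
            return False
        self.sessions[sso_user] = now
        return True
```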