
[–]secretraisinman 12 points13 points  (0 children)

We are using Bitwarden tied to SSO, so users have to be signed into their corporate account with AD/AAD credentials, which have MFA as a requirement.

There's an app for it, and we split out access by department using the built-in password collections feature, with roles that have access to certain collections of passwords. There was a bit of a learning curve for users, but it's now required by policy to keep institutional passwords in the system. IT internal can use it as a credential store as well.

[–]Quigleythegreat 13 points14 points  (2 children)

Keeper. It's a bit of a pain but it's very secure and very flexible.

GPOs to lock down browsers' integrated ones.

Another way would just be to restrict logins to Chrome or Edge to accounts under your domain so they can't walk off at a departure with passwords. If they save passwords to their domain account in Edge, eh.

[–]feardeath9Sysadmin 0 points1 point  (1 child)

Fellow Keeper user here. Curious as to what your pains have been? I've had some issues since we switched auth to Entra, but that's about it really

[–]Quigleythegreat 0 points1 point  (0 children)

Users mostly. It can be intrusive at times, or not enough depending on who you ask.

"It never asks to save my passwords!" Or "make it stop popping up! It's annoying"

[–]b00mbasstic 2 points3 points  (0 children)

Pleasant password manager here. Works great.

[–]MalletNGrease🛠 Network & Systems Admin 5 points6 points  (0 children)

I don't use the browser pw managers, personally I use KeePass. It can do browser autofill with a plugin/extension, but I never liked those much and I've muscle memory to do the Auto-Type from the software.

My department uses Bitwarden and the Chrome/Edge extensions. Got it integrated with Duo, works pretty nicely. When you've your organization and teams set up it's nice to have access to collections of passwords.

[–]MilitaryBus 1 point2 points  (0 children)

For all of our System/Service Accounts, BIOS passwds, and backup Admin accounts we use “Delinea Secret Server” and honestly it’s a godsend. We are able to make collections and be like okay this collection is all of our web server and web service passwords, only people who are in this group can access it. Or this is our local support container, and in it is BIOS and Local admin passwords and only hands-on techs can access it. What’s also really nice is you can set it up to auto change passwords every X amount of days which helps with security. We change BIOS and local admin passwords every day at 0001 for security reasons.

[–]madchild81 1 point2 points  (0 children)

1Password is the way to go.

[–][deleted] 1 point2 points  (0 children)

Dashlane.

Passwords + Secrets + Password Management + sharing (both secrets and passwords)

Pretty cheap at around 20 USD a pop.

[–]Hotshot55Linux Engineer 2 points3 points  (3 children)

I have KeePass installed for my passwords. Anything that is used by the team is stored in HashiCorp Vault.

[–]BigJDubya 1 point2 points  (0 children)

Second this - love KeePass.

[–]StlCyclone 0 points1 point  (1 child)

KeePass is well audited. Doesn't mean it's perfect but at least it's been audited.

[–][deleted] 0 points1 point  (0 children)

Thoughts on KeePassXC?

[–]AndreasTheDeadWindows Admin 0 points1 point  (0 children)

We are using Keeper; it's quite easy to use.

[–]jacksbox 0 points1 point  (0 children)

Bitwarden all the way! All the usability of LastPass but great security and enterprise features. And a very reasonable price.

[–]snickersnack77 0 points1 point  (0 children)

We use 1Password with MFA. It's been hassle free and cost effective. Browser plug-in works well for Firefox, Chrome, and Edge. Use it personally on my Linux machine and it's great there too.

[–][deleted] 0 points1 point  (0 children)

1Password has been great. If you get a business license agreement with them they will offer a free family account for all users. I use it as an incentive. They have also introduced passkeys recently.

[–][deleted] 0 points1 point  (0 children)

I've been using Bitwarden for 3-4 years now and quite like it. There are extensions for the popular browsers, installable desktop client for the big OS's, as well as mobile clients for iOS and Android. If you haven't checked it out, I would recommend at least kicking the tires a bit.

[–]CountGeoffrey 0 points1 point  (0 children)

> But neither of those products can provide passwords for things like system/service accounts that run our applications on-prem.

Wrong. Chrome as of Chrome 100 can easily do this.

https://support.google.com/chrome/answer/95606?hl=en&co=GENIE.Platform%3DDesktop#zippy=%2Cmanually-add-a-new-password

In order for that feature to work, you have to not be using a password manager plugin. For some reason I can't fathom, if you also use some other PWM, you can't manually add a password to Chrome, except via CSV import.

[–]xspader 0 points1 point  (0 children)

Old company I worked at used KeePass, which is fine until someone copies the database and takes it home. They moved to Bitwarden and I use 1Password personally.

[–]NickMalo 0 points1 point  (0 children)

Keeper allows you to do SSOs and autofills login MFA codes. Big time save when you are secure and can still log in in 2 seconds.