Obscuring passwords from employees, 1Password solution?
Hi,
Please accept my apologies if this is documented.
Scenario:
I have, let's say, 10 sites that I need to allow 5 employees access to (all on Windows). However, I don't want to give these employees any way to be able to view the passwords for these sites. I need them working on the sites at home and in offices over multiple locations, but as the data is so sensitive I cannot allow them to be able to view the actual passwords they are using to log in.
Hope that makes sense, will 1Password work for me?
Thank you in advance
Comments
-
There is no way for you to share a Login item in 1Password but have them "opaque"; in other words, there's no such thing as a "use-only" Login item in 1Password.
You can easily share a subset of your Login items with your employees, but they will have full access to them.
Whenever one of them leaves, you will need to change the passwords for sites to which he or she had access. (That's the recommended best practice for security, anyway.)
0 -
@exospec What you're asking is impossible. You cannot allow your employees to log in (at home and in the office over multiple locations), without them "seeing" the passwords because those passwords are decrypted in memory (and maybe on the clipboard) at some point. No matter how much obfuscation you do, any employee with more than a little bit of IT experience will be able to "see" the passwords.
0 -
There's also the fact that very few sites have user management below the account level. If you can log in to a site then you can do anything to that account, including changing the password.
If the site does have user management below the account level then it should include options for each user to have their own username and password.
0 -
Thank you all for the replies, will think this through some more.
0 -
A separate vault will segregate items you wish to share from those you don't, but you'll definitely want to change the password at any site to which a departed employee should no longer have access. Storing that new password in the shared vault will automatically make it available to remaining employees.
Let us know if there's anything else we can do to help, @exospec.
0