All signs point to the LastPass situation being very bad. We are looking for a replacement and hopefully one that hasn't built a system that can be so entirely exploited.

Preliminary requirements would be:

- shared secrets and passwords
- 2FA support (both for login and OTP codes)
- individual / team level access controls
- browser plugin support for Safari / Chrome

Would appreciate any suggestions, both for the replacement and for the list of requirements.

edit: formatting
I just implemented 1Password with a company of about 40 people. They have great onboarding trainers and will go the extra mile to answer questions. For people that are moving from another manager to this, it's a simple process. For people that have never used a password manager before, the browser extension, mobile and desktop apps make it hurt less.

I really like being able to add One-Time Passwords to any record, so we're not dealing with additional auth apps. The browser-based UI makes it easy to add or update logins as you go. In addition, having controls to recover an account for someone that's locked out and has lost their Emergency Recovery Kit gives the execs some peace of mind. The secret key changes, so the old ERK is invalid should it be found later.

Individual and team level controls are available. We have some shared accounts, but you can create as many Groups and Vaults as you need. You can set access rights at multiple levels. So one group/person may be able to edit records, but another group/person can only read them to log in.

https://support.1password.com/create-share-vaults-teams/

Brian already mentioned the free family account. It's brilliant.
1Password, nothing else is close in UX and maturity. Cost is lower with Bitwarden, but for corporate use it doesn't matter.

Using 1Password for 2FA reduces it to 1FA (owning a single developer's machine gains access to both the password and the second factor). Bite the bullet and go for Okta or any other corporate SSO platform (and all the associated costs - the "SSO tax" - from all the vendors you use SSO with) if you want proper MFA in a corporate environment.

This is the right path to plan for anyway -- as a small company in view of the SSO tax, shared passwords are a requirement. But you should be planning to gradually move away from that into proper SSO in order of system risk and as finances permit.
1Password for sure.

The addition of the secret key that is generated locally on your machine and not stored at 1Password + your master password + 2FA like a Yubico YubiKey is quite nice and adds significant security over LastPass.

The teams-based accounts also include free family plans, it's wonderful. My wife's work pays for her premium 1Password which includes free premium family vault plans for me and her at no cost to us. These are entirely separate and cannot be accessed by her work - but are included for us to use.

https://blog.1password.com/how-1password-protects-your-data/

https://support.1password.com/secret-key-security/

https://blog.1password.com/what-the-secret-key-does/
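A simplified sketch of the two-secret idea described in the comment above, added here as an example; it is not 1Password's code and not part of the original thread. It derives a vault key from both the master password and a device-held secret key, so the server-side data plus the password alone does not unlock anything. The function names, work factor, and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumed work factor, chosen for this sketch


def hkdf_sha256(key_material, salt, info, length=32):
    """Minimal HKDF (RFC 5869): extract, then expand, with SHA-256."""
    prk = hmac.new(salt, key_material, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_vault_key(master_password, secret_key, salt):
    """Mix a memorised password with a random secret that stays on the device."""
    stretched = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, PBKDF2_ROUNDS)
    device_part = hkdf_sha256(secret_key, salt, b"vault-key-sketch")
    # XOR the two halves: both are required to reproduce the key.
    return bytes(a ^ b for a, b in zip(stretched, device_part))


def vault_tag(vault_key):
    """Stand-in for the authentication tag of an encrypted vault held server-side."""
    return hmac.new(vault_key, b"vault-check", hashlib.sha256).digest()


def unlocks(stored_tag, master_password, secret_key, salt):
    """True only if password and secret key together reproduce the vault key."""
    candidate = vault_tag(derive_vault_key(master_password, secret_key, salt))
    return hmac.compare_digest(stored_tag, candidate)


# Constructed sample values, not real credentials.
SALT = bytes(range(16))
DEVICE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")  # never sent to the server
STORED_TAG = vault_tag(derive_vault_key("correct horse", DEVICE_SECRET, SALT))

if __name__ == "__main__":
    print(unlocks(STORED_TAG, "correct horse", DEVICE_SECRET, SALT))
    # Right password, but a secret key that is not the device's own.
    print(unlocks(STORED_TAG, "correct horse", secrets.token_bytes(16), SALT))
```
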
Use 1Password. They allow users to connect multiple accounts at once (personal + work + etc), which the Bitwarden devs have expressed confusion over for the last few years. 1Password also has package deals with various services that your org probably already uses, and a SCIM setup for provisioning users and permissions.
We were just having this conversation yesterday and decided to bite the bullet and move to 1Password. Not that much more expensive, native desktop clients, name isn't synonymous with leaks/vulnerabilities.
We found 1Password too feature-rich for our basic users, some of whom are older.

Bitwarden, on the other hand, was almost too bare bones.

Maybe with training, 1Password will be viable for us.
Anyone with experience or opinions on Keeper? https://www.keepersecurity.com/
Anyone with experience/opinions on https://www.keepersecurity.com/?