Does your organization have in place or provide Password Management Tools for personal account usage? Many Password Management tools offer or provide a federated or linked licensing model. Just curious on how many people offer and promote this as a benefit to their employees.

5.5k views1 Upvote8 Comments

Sort by:

VP of Technology3 months ago

It seems like my answer goes against other's opinions here. However, we use "in browser" solutions for employees with computer access. We subscribe to a managed Microsoft 365 solution. So, when an employee is signed in to that 365 solution and uses the Microsoft Edge web browser, their passwords are stored with their 365 account. If a user accesses more than one workstation, their credentials move with them. "They're encrypted using AES and the encryption key is saved in an operating system (OS) storage area. This technique is called local data encryption." The user's 365 accounts have 2FA/MFA enforced and the user profiles are encrypted on the computers. I do not see a problem with this, for most users.

I am evaluating Bitwarden for Executive use and by the Technology Department. My view on this is that people with more access need more security.

Group CIO3 months ago

I am looking for a Password Management Tool for business users too. Our users handle many passwords for external business related services and we would like to manage them. I would prefer to use the same tool for IT e non IT people, with segregated access. We also need to manage the case that someone leaves the organization... Which tool would you advice? Thank you!

Director of IT5 months ago

At Cisco, we use CyberArk for enterprise secrets and provide 1Password for employees individual accounts at no cost. Storing passwords in browsers is strongly discouraged by providing an alternative

1 1 Reply

no title3 months ago

Hi Dileep - can you expand on the reasons for not encouraging in browser password management please? Thanks!

Director of Information Security5 months ago

Any chance that anyone has proved WPM for not IT / Business users? If so what did you deploy and any gotchas?

Thanks!

Chief Technology Officer in Educationa year ago

We used LastPass until their breach debacle. We've used Bitwarden for a couple of years and really like it. Our managed accounts are limited to the IT department.

Content you might like

Which cybersecurity metrics do you currently use with your board?

We use Microsoft PowerBI extensively at the company. Over 15,000 reports.
For our "corporate" reports, like financials or HR, we centralize those requests and attend them with my team.
We currently "extract" information from multiple systems (ie. SAP, SuccessFactors, CRM, etc...) and put in into a SQL Analysis Services. For interpreting the data we have a Semantics model in PBI.
The problem I see is we can't scale enough to comply with the reporting demands as the semantic model is "unique" and we end up having only one or two developers that can work at a time.
Anyone has an idea how to scale their PBI teams without having to redevelop the semantic model per report?

What's your most indispensable cloud infrastructure tools to use in addition to what you get from GCP, AWS, Azure?

HashiCorp (Terraform, Vault, Packer, etc.)22%

Cloud infra automation (Ansible, Puppet, Chef, etc.)56%

APM (Datadog, AppD, SignalFX, NewRelic, etc.)10%

Others?10%

View Results

How confident are you in letting AI agents take autonomous actions after a SIEM or XDR alert?
Are you using them today? If not, what’s holding you back?

What are your organization’s drivers for implementing RegTech?

Support future growth36%

Automate manual processes59%

Demonstrate compliance49%

Reduce risk exposure43%

Improve customer experience16%

Reduce costs13%