Our organization has a department using Google Password Manager on a shared Gmail account, which unfortunately gives everyone visibility of each other's passwords. I understand this poses two big problems: first, we need a more robust password manager beyond what's offered by browsers like Edge and Chrome, and second, we should ideally avoid using shared accounts. Currently, except for the Communications team's Gmail, we don't have other shared accounts.
Since we're a Microsoft-focused organization, the Comms team requires a shared account to access platforms like Google Analytics, Gmail, YouTube, and LinkedIn. I've been considering a few options to manage this situation:
A) Let the IT Manager take control of the shared Gmail account, auto-forwarding all emails to the Comms shared mailbox for verification codes. This would prevent them from using shared accounts for passwords.
B) Block Chrome and allow only Edge. This has the advantage of connecting their enterprise Microsoft accounts but might annoy staff since they prefer Chrome.
C) Block the Password Manager on Chrome and either instruct the Comms team to use Edge or provide a different password manager on Chrome for them. However, they would still have access to the shared Gmail account.
I'm open to suggestions for a better solution. Thanks!
5 Answers
Explore Devolutions as a password management option—while I haven’t used it personally, their Remote Desktop Manager is impressive, and their support is stellar, so I trust their other products would be equally reliable.
The simplest route is to enforce an enterprise password manager across your organization and use tools like Intune or group policy to disable all personal password management capabilities in browsers. This way, you can retain some browsing functionality while ensuring security.
You might want to consider an enterprise password management solution like Bitwarden or Keeper. These tools allow for much better control and access management compared to browser password managers. Plus, applying a default deny rule for browser extensions can add an extra layer of security. If your team decides to go with Bitwarden, it’s known for being user-friendly and solid in enterprise settings.
Forget about browser-based password managers! Implementing something like Dashlane or Bitwarden with group policy can effectively restrict unauthorized password management. Set rules to block other password managers in your browsers and encourage the team to adopt the new solution with proper onboarding.
Definitely look into getting a strong enterprise password manager. Keeper is highly recommended, and I’ve used it myself. It provides easy management of shared credentials, handling both security and accessibility really well. Just ensure to disable password management features in browsers to minimize risks.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures