    Deploying a password manager product to an entire company?

    • DustinB3403 @DarienA

      @DarienA said in Deploying a password manager product to an entire company?:

      @DustinB3403 said in Deploying a password manager product to an entire company?:

      @DarienA Yes and no. We have, but not every employee has a need for it. We use LastPass, simple effective and free for 90% of our users.

      Are you saying that you have your users set up their own free accounts or that you are using say the enterprise version and the cost is absorbed by your company for all the user accounts?

      We have the bulk set up their own free account using their business email address, then we invite them into whatever shared folders they need access to.

      • DarienA @DustinB3403

        @DustinB3403 said in Deploying a password manager product to an entire company?:

        It goes about as smooth as you'd expect, just set up your recovery methods and provide an overarching training on how to use whatever tool you are rolling out.

        It'll be LastPass. I've used it personally for years and we rolled out the Enterprise version to some of the IT folks a bit back.

        • DarienA @DustinB3403

          @DustinB3403 said in Deploying a password manager product to an entire company?:

          @DarienA said in Deploying a password manager product to an entire company?:

          @DustinB3403 said in Deploying a password manager product to an entire company?:

          @DarienA Yes and no. We have, but not every employee has a need for it. We use LastPass, simple effective and free for 90% of our users.

          Are you saying that you have your users set up their own free accounts or that you are using say the enterprise version and the cost is absorbed by your company for all the user accounts?

          We have the bulk set up their own free account using their business email address, then we invite them into whatever shared folders they need access to.

          By utilizing the free version though you lose the ability to force certain requirements and rules by policy though since each free account is technically unmanaged, correct? I've found many of those policies to be very helpful.

          • DustinB3403

            Without knowing your exact use case, I would just have people sign up as required. Unless you're paying for each and every employee.

            In any case, you're going to have to hand hold every employee, walk them through the OTP setup, recovery questions, cellphone details as I don't think there is any way you can do this for them.

            • DustinB3403 @DarienA

              @DarienA said in Deploying a password manager product to an entire company?:

              @DustinB3403 said in Deploying a password manager product to an entire company?:

              @DarienA said in Deploying a password manager product to an entire company?:

              @DustinB3403 said in Deploying a password manager product to an entire company?:

              @DarienA Yes and no. We have, but not every employee has a need for it. We use LastPass, simple effective and free for 90% of our users.

              Are you saying that you have your users set up their own free accounts or that you are using say the enterprise version and the cost is absorbed by your company for all the user accounts?

              We have the bulk set up their own free account using their business email address, then we invite them into whatever shared folders they need access to.

              By utilizing the free version though you lose the ability to force certain requirements and rules by policy though since each free account is technically unmanaged, correct? I've found many of those policies to be very helpful.

              Correct, but the users who use the free accounts aren't creating credentials in our environment. They are just accessing services we provide and need a quick and simple way to log in without needing to know the username or password.

              • DarienA @DustinB3403

                @DustinB3403 said in Deploying a password manager product to an entire company?:

                @DarienA said in Deploying a password manager product to an entire company?:

                @DustinB3403 said in Deploying a password manager product to an entire company?:

                @DarienA said in Deploying a password manager product to an entire company?:

                @DustinB3403 said in Deploying a password manager product to an entire company?:

                @DarienA Yes and no. We have, but not every employee has a need for it. We use LastPass, simple effective and free for 90% of our users.

                Are you saying that you have your users set up their own free accounts or that you are using say the enterprise version and the cost is absorbed by your company for all the user accounts?

                We have the bulk set up their own free account using their business email address, then we invite them into whatever shared folders they need access to.

                By utilizing the free version though you lose the ability to force certain requirements and rules by policy though since each free account is technically unmanaged, correct? I've found many of those policies to be very helpful.

                Correct, but the users who use the free accounts aren't creating credentials in our environment. They are just accessing services we provide and need a quick and simple way to log in without needing to know the username or password.

                Understood.

                • DustinB3403 @DarienA

                  @DarienA said in Deploying a password manager product to an entire company?:

                  @DustinB3403 said in Deploying a password manager product to an entire company?:

                  @DarienA said in Deploying a password manager product to an entire company?:

                  @DustinB3403 said in Deploying a password manager product to an entire company?:

                  @DarienA said in Deploying a password manager product to an entire company?:

                  @DustinB3403 said in Deploying a password manager product to an entire company?:

                  @DarienA Yes and no. We have, but not every employee has a need for it. We use LastPass, simple effective and free for 90% of our users.

                  Are you saying that you have your users set up their own free accounts or that you are using say the enterprise version and the cost is absorbed by your company for all the user accounts?

                  We have the bulk set up their own free account using their business email address, then we invite them into whatever shared folders they need access to.

                  By utilizing the free version though you lose the ability to force certain requirements and rules by policy though since each free account is technically unmanaged, correct? I've found many of those policies to be very helpful.

                  Correct, but the users who use the free accounts aren't creating credentials in our environment. They are just accessing services we provide and need a quick and simple way to log in without needing to know the username or password.

                  Understood.

                  You can always provide their account a license in your corporate account so that they can add services if you needed.

                  • Dashrender

                    I have started a slow rollout of this at my company. It's not going very well for multiple reasons.

                    1. My boss doesn't trust having all of her passwords in a password manager - she thinks it will be hacked
                    2. My physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
                    3. My fraking EHR does its password changes in a popup window that LP can't see into, so LP's password change mechanism doesn't work, forcing users to change it manually, then updating the vault manually.
                    4. Our timeclock provider (web based) requires three pieces of information when logging in (username, password, last 4 of SSN) - LP has a very hard time reading the field names correctly and thus storing the password and SSN correctly. It normally takes me 15 mins to get that working for users (deleting the vault entry, manually updating specific fields, sometimes deleting fields and re-adding them, etc.)
                    5. LP won't fill out passwords for sites/applications inside a Citrix session
                    6. Not sure this is an issue anymore, but LP being installed into the browser had an adverse effect on performance in one area of our EHR, removing it and the timeout issue was gone. Found no way to tell LP to ignore the page, yet still allow LP to be used for the EHR main logon. (and not sure there was a way to completely disengage LP on any given site at all)

                    Now perhaps a different password manager would get around most or all of these problems.. but I haven't had time to look into it. Of course, a different password manager won't solve 1 or 2.

                    • scottalanmiller @Dashrender

                      @Dashrender said in Deploying a password manager product to an entire company?:

                      my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?

                      Because, I don't know, HIPAA?

                      • Dashrender @scottalanmiller

                        @scottalanmiller said in Deploying a password manager product to an entire company?:

                        @Dashrender said in Deploying a password manager product to an entire company?:

                        my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?

                        Because, I don't know, HIPAA?

                        Don't get me started.

                        • scottalanmiller @Dashrender

                          @Dashrender said in Deploying a password manager product to an entire company?:

                          @scottalanmiller said in Deploying a password manager product to an entire company?:

                          @Dashrender said in Deploying a password manager product to an entire company?:

                          my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?

                          Because, I don't know, HIPAA?

                          Don't get me started.

                          Why does HIPAA never do audits? I'm so upset that the government made a security standard so low, and then even ruins that by having zero enforcement.

                          • Dashrender @Dashrender

                            @Dashrender said in Deploying a password manager product to an entire company?:

                            @scottalanmiller said in Deploying a password manager product to an entire company?:

                            @Dashrender said in Deploying a password manager product to an entire company?:

                            my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?

                            Because, I don't know, HIPAA?

                            Don't get me started.

                            Drs who practice out and out hate HIPAA - borderline don't give a shit about your privacy... they care about having whatever whenever as easy as possible. Many of them don't see the benefit to privacy/security.

                            • DustinB3403 @scottalanmiller

                              @scottalanmiller said in Deploying a password manager product to an entire company?:

                              @Dashrender said in Deploying a password manager product to an entire company?:

                              my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?

                              Because, I don't know, HIPAA?

                              hahaha that's funny.

                              • DarienA @Dashrender

                                @Dashrender said in Deploying a password manager product to an entire company?:

                                I have started a slow rollout of this at my company. It's not going very well for multiple reasons.

                                1. My boss doesn't trust having all of her passwords in a password manager - she thinks it will be hacked
                                2. My physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
                                3. My fraking EHR does its password changes in a popup window that LP can't see into, so LP's password change mechanism doesn't work, forcing users to change it manually, then updating the vault manually.
                                4. Our timeclock provider (web based) requires three pieces of information when logging in (username, password, last 4 of SSN) - LP has a very hard time reading the field names correctly and thus storing the password and SSN correctly. It normally takes me 15 mins to get that working for users (deleting the vault entry, manually updating specific fields, sometimes deleting fields and re-adding them, etc.)
                                5. LP won't fill out passwords for sites/applications inside a Citrix session
                                6. Not sure this is an issue anymore, but LP being installed into the browser had an adverse effect on performance in one area of our EHR, removing it and the timeout issue was gone. Found no way to tell LP to ignore the page, yet still allow LP to be used for the EHR main logon. (and not sure there was a way to completely disengage LP on any given site at all)

                                Now perhaps a different password manager would get around most or all of these problems.. but I haven't had time to look into it. Of course, a different password manager won't solve 1 or 2.

                                I feel your struggle. At least for 1 LP offers some nice plain English security descriptions of their service and for 2 you can force only being logged onto one device at a time as a rule (I think there's a timeout setting as well).

                                • scotth @Dashrender

                                  @Dashrender said in Deploying a password manager product to an entire company?:

                                  @Dashrender said in Deploying a password manager product to an entire company?:

                                  @scottalanmiller said in Deploying a password manager product to an entire company?:

                                  @Dashrender said in Deploying a password manager product to an entire company?:

                                  my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?

                                  Because, I don't know, HIPAA?

                                  Don't get me started.

                                  Drs who practice out and out hate HIPAA - borderline don't give a shit about your privacy... they care about having whatever whenever as easy as possible. Many of them don't see the benefit to privacy/security.

                                  I did a camera installation for a doctor purchased from CostCo - maybe $350 because HIPAA. Checked his office PCs. All running XP, transacting over the internet after 7 had been out for over 5 years. Got him a quote for all 8 workstations updated to 7 and a mini server with backups for around $8k. He turned red, choked and almost died on the spot.

                                  • Dashrender @DarienA

                                    @DarienA said in Deploying a password manager product to an entire company?:

                                    @Dashrender said in Deploying a password manager product to an entire company?:

                                    I have started a slow rollout of this at my company. It's not going very well for multiple reasons.

                                    1. My boss doesn't trust having all of her passwords in a password manager - she thinks it will be hacked
                                    2. My physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
                                    3. My fraking EHR does its password changes in a popup window that LP can't see into, so LP's password change mechanism doesn't work, forcing users to change it manually, then updating the vault manually.
                                    4. Our timeclock provider (web based) requires three pieces of information when logging in (username, password, last 4 of SSN) - LP has a very hard time reading the field names correctly and thus storing the password and SSN correctly. It normally takes me 15 mins to get that working for users (deleting the vault entry, manually updating specific fields, sometimes deleting fields and re-adding them, etc.)
                                    5. LP won't fill out passwords for sites/applications inside a Citrix session
                                    6. Not sure this is an issue anymore, but LP being installed into the browser had an adverse effect on performance in one area of our EHR, removing it and the timeout issue was gone. Found no way to tell LP to ignore the page, yet still allow LP to be used for the EHR main logon. (and not sure there was a way to completely disengage LP on any given site at all)

                                    Now perhaps a different password manager would get around most or all of these problems.. but I haven't had time to look into it. Of course, a different password manager won't solve 1 or 2.

                                    I feel your struggle. At least for 1 LP offers some nice plain English security descriptions of their service and for 2 you can force only being logged onto one device at a time as a rule (I think there's a timeout setting as well).

                                    Because my manager/boss doesn't like it - and the doctors will refuse to use it due to using literally dozens of computers, many of which we do not manage, so LP won't be on them - there is no way management/the board would approve purchasing LP Enterprise for staff.

                                    • Dashrender @scotth

                                      @scotth said in Deploying a password manager product to an entire company?:

                                      @Dashrender said in Deploying a password manager product to an entire company?:

                                      @Dashrender said in Deploying a password manager product to an entire company?:

                                      @scottalanmiller said in Deploying a password manager product to an entire company?:

                                      @Dashrender said in Deploying a password manager product to an entire company?:

                                      my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?

                                      Because, I don't know, HIPAA?

                                      Don't get me started.

                                      Drs who practice out and out hate HIPAA - borderline don't give a shit about your privacy... they care about having whatever whenever as easy as possible. Many of them don't see the benefit to privacy/security.

                                      I did a camera installation for a doctor purchased from CostCo - maybe $350 because HIPAA. Checked his office PCs. All running XP, transacting over the internet after 7 had been out for over 5 years. Got him a quote for all 8 workstations updated to 7 and a mini server with backups for around $8k. He turned red, choked and almost died on the spot.

                                      Another reality is that many Drs offices run on a shoestring budget... most GPs only make around $120K/y. I'm in no way surprised he choked.

                                      • scottalanmiller @Dashrender

                                        @Dashrender said in Deploying a password manager product to an entire company?:

                                        Another reality is that many Drs offices run on a shoestring budget... most GPs only make around $120K/y

                                        How can it be that low? I mean, I agree that it should be that low, the average GP isn't very good and other than paying off their student loans rarely earns a market value much above the ability to eat, but that seems ridiculously low when a department manager at a Walmart in a low cost area can easily make double that.

                                        • Dashrender @scottalanmiller

                                          @scottalanmiller said in Deploying a password manager product to an entire company?:

                                          @Dashrender said in Deploying a password manager product to an entire company?:

                                          Another reality is that many Drs offices run on a shoestring budget... most GPs only make around $120K/y

                                          How can it be that low? I mean, I agree that it should be that low, the average GP isn't very good and other than paying off their student loans rarely earns a market value much above the ability to eat, but that seems ridiculously low when a department manager at a Walmart in a low cost area can easily make double that.

                                          Don't ask me - just some stat I read in a journal years ago.... I suppose it could be higher today.

                                          • IRJ

                                            HIPAA is so lax that the only real solution is to throw it out and replace it with something decent like in the EU. EU is definitely the leader in privacy.
