ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Deploying a password manager product to an entire company?

    Scheduled Pinned Locked Moved IT Discussion
    38 Posts 9 Posters 3.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DustinB3403D
      DustinB3403 @DarienA
      last edited by

      @DarienA said in Deploying a password manager product to an entire company?:

      @DustinB3403 said in Deploying a password manager product to an entire company?:

      @DarienA said in Deploying a password manager product to an entire company?:

      @DustinB3403 said in Deploying a password manager product to an entire company?:

      @DarienA Yes and no. We have, but not every employee has a need for it. We use LastPass, simple effective and free for 90% of our users.

      Are you saying you that you have your users setup their own free accounts or that you are using say the enterprise version and the cost is absorbed by your company for all the user accounts?

      We have the bulk setup their own free account using their business email address, then we invite them into whatever shared folders they need access too.

      By utilizing the free version though you lose the ability to force certain requirements and rules by policy though since each free account is technically unmanaged correct? I've found many of those policies to be very helpful.

      Correct, but the users who use the free accounts, aren't creating credentials in our environment. They are just accessing services we provide and need a quick and simple way to login without needing to know the username or password.

      D 1 Reply Last reply Reply Quote 2
      • D
        DarienA @DustinB3403
        last edited by

        @DustinB3403 said in Deploying a password manager product to an entire company?:

        @DarienA said in Deploying a password manager product to an entire company?:

        @DustinB3403 said in Deploying a password manager product to an entire company?:

        @DarienA said in Deploying a password manager product to an entire company?:

        @DustinB3403 said in Deploying a password manager product to an entire company?:

        @DarienA Yes and no. We have, but not every employee has a need for it. We use LastPass, simple effective and free for 90% of our users.

        Are you saying you that you have your users setup their own free accounts or that you are using say the enterprise version and the cost is absorbed by your company for all the user accounts?

        We have the bulk setup their own free account using their business email address, then we invite them into whatever shared folders they need access too.

        By utilizing the free version though you lose the ability to force certain requirements and rules by policy though since each free account is technically unmanaged correct? I've found many of those policies to be very helpful.

        Correct, but the users who use the free accounts, aren't creating credentials in our environment. They are just accessing services we provide and need a quick and simple way to login without needing to know the username or password.

        Understood.

        DustinB3403D 1 Reply Last reply Reply Quote 0
        • DustinB3403D
          DustinB3403 @DarienA
          last edited by

          @DarienA said in Deploying a password manager product to an entire company?:

          @DustinB3403 said in Deploying a password manager product to an entire company?:

          @DarienA said in Deploying a password manager product to an entire company?:

          @DustinB3403 said in Deploying a password manager product to an entire company?:

          @DarienA said in Deploying a password manager product to an entire company?:

          @DustinB3403 said in Deploying a password manager product to an entire company?:

          @DarienA Yes and no. We have, but not every employee has a need for it. We use LastPass, simple effective and free for 90% of our users.

          Are you saying you that you have your users setup their own free accounts or that you are using say the enterprise version and the cost is absorbed by your company for all the user accounts?

          We have the bulk setup their own free account using their business email address, then we invite them into whatever shared folders they need access too.

          By utilizing the free version though you lose the ability to force certain requirements and rules by policy though since each free account is technically unmanaged correct? I've found many of those policies to be very helpful.

          Correct, but the users who use the free accounts, aren't creating credentials in our environment. They are just accessing services we provide and need a quick and simple way to login without needing to know the username or password.

          Understood.

          You can always provide their account a license in your corporate account so that that can add services if you needed.

          1 Reply Last reply Reply Quote 0
          • DashrenderD
            Dashrender
            last edited by

            I have started a slow rollout of this at my company. it's not going very well for multiple reasons.

            1. my boss doesn't trust having all of her passwords in a password manager - she thinks it will be hacked
            2. my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
              3)My fraking EHR does it's password changes in a popup window that LP can't see into, so LP's password change mechanism doesn't work forcing users to change it manually, then updating the vault manually.
            3. Our timeclock provider (web based) requires there pieces of information when logging in (username, password, last 4 of SSN) - LP has a very hard time reading the field names correctly and thus storing the password and SSN correctly. It normally takes me 15 mins to get that working for users (deleting the vault entry, manually updating specific fields, sometimes deleting fields and readding them, etc)
              5)LP won't fillout passwords for sites/applications inside a Citrix session
            4. Not sure this is an issue anymore, but LP being installed into the browser had an adverse affect on performance in one area of our EHR, removing it and the timeout issue was gone. Found no way to tell LP to ignore the page, yet still allow LP to be used for the EHR main logon. (and not sure there was a way to completely disengage LP on any given site at all)

            Now perhaps a different password manager would get around most or all of these problems.. but I haven't had time to look into it. Of course, a different password manager won't solve 1 or 2.

            scottalanmillerS D 2 Replies Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @Dashrender
              last edited by

              @Dashrender said in Deploying a password manager product to an entire company?:

              my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?

              Because, I don't know, HIPAA?

              DashrenderD DustinB3403D 2 Replies Last reply Reply Quote 2
              • DashrenderD
                Dashrender @scottalanmiller
                last edited by

                @scottalanmiller said in Deploying a password manager product to an entire company?:

                @Dashrender said in Deploying a password manager product to an entire company?:

                my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?

                Because, I don't know, HIPAA?

                Don't get me started.

                scottalanmillerS DashrenderD 2 Replies Last reply Reply Quote 1
                • scottalanmillerS
                  scottalanmiller @Dashrender
                  last edited by

                  @Dashrender said in Deploying a password manager product to an entire company?:

                  @scottalanmiller said in Deploying a password manager product to an entire company?:

                  @Dashrender said in Deploying a password manager product to an entire company?:

                  my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?

                  Because, I don't know, HIPAA?

                  Don't get me started.

                  Why does HIPAA never do audits? I'm so upset that the government made a security standard so low, and then even ruins that by have zero enforcement.

                  1 Reply Last reply Reply Quote 0
                  • DashrenderD
                    Dashrender @Dashrender
                    last edited by

                    @Dashrender said in Deploying a password manager product to an entire company?:

                    @scottalanmiller said in Deploying a password manager product to an entire company?:

                    @Dashrender said in Deploying a password manager product to an entire company?:

                    my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?

                    Because, I don't know, HIPAA?

                    Don't get me started.

                    Drs who practice out and out hate HIPAA - borderline don't give a shit about your privacy... they care about having whatever whenever as easy as possible. Many of them don't see the benefit to privacy/security.

                    S 1 Reply Last reply Reply Quote 0
                    • DustinB3403D
                      DustinB3403 @scottalanmiller
                      last edited by

                      @scottalanmiller said in Deploying a password manager product to an entire company?:

                      @Dashrender said in Deploying a password manager product to an entire company?:

                      my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?

                      Because, I don't know, HIPAA?

                      hahaha that's funny.

                      1 Reply Last reply Reply Quote 0
                      • D
                        DarienA @Dashrender
                        last edited by

                        @Dashrender said in Deploying a password manager product to an entire company?:

                        I have started a slow rollout of this at my company. it's not going very well for multiple reasons.

                        1. my boss doesn't trust having all of her passwords in a password manager - she thinks it will be hacked
                        2. my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
                          3)My fraking EHR does it's password changes in a popup window that LP can't see into, so LP's password change mechanism doesn't work forcing users to change it manually, then updating the vault manually.
                        3. Our timeclock provider (web based) requires there pieces of information when logging in (username, password, last 4 of SSN) - LP has a very hard time reading the field names correctly and thus storing the password and SSN correctly. It normally takes me 15 mins to get that working for users (deleting the vault entry, manually updating specific fields, sometimes deleting fields and readding them, etc)
                          5)LP won't fillout passwords for sites/applications inside a Citrix session
                        4. Not sure this is an issue anymore, but LP being installed into the browser had an adverse affect on performance in one area of our EHR, removing it and the timeout issue was gone. Found no way to tell LP to ignore the page, yet still allow LP to be used for the EHR main logon. (and not sure there was a way to completely disengage LP on any given site at all)

                        Now perhaps a different password manager would get around most or all of these problems.. but I haven't had time to look into it. Of course, a different password manager won't solve 1 or 2.

                        I feel your struggle. At least for 1 LP offers some nice plan english security descriptions of their service and for 2 you can force only be logged onto one device at a time as rule (I think there's a timeout setting as well).

                        DashrenderD 1 Reply Last reply Reply Quote 0
                        • S
                          scotth @Dashrender
                          last edited by

                          @Dashrender said in Deploying a password manager product to an entire company?:

                          @Dashrender said in Deploying a password manager product to an entire company?:

                          @scottalanmiller said in Deploying a password manager product to an entire company?:

                          @Dashrender said in Deploying a password manager product to an entire company?:

                          my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?

                          Because, I don't know, HIPAA?

                          Don't get me started.

                          Drs who practice out and out hate HIPAA - borderline don't give a shit about your privacy... they care about having whatever whenever as easy as possible. Many of them don't see the benefit to privacy/security.

                          I did a camera installation for a doctor purchased from CostCo - maybe $350 because HIPAA. Checked his office PC's. All running XP, transacting over the internet after 7 had been out for over 5 years. Got him a quote for all 8 workstations updated to 7 and a mini server with backups for around $8k. He turned red, choked and almost died on the spot.

                          DashrenderD 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @DarienA
                            last edited by

                            @DarienA said in Deploying a password manager product to an entire company?:

                            @Dashrender said in Deploying a password manager product to an entire company?:

                            I have started a slow rollout of this at my company. it's not going very well for multiple reasons.

                            1. my boss doesn't trust having all of her passwords in a password manager - she thinks it will be hacked
                            2. my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?
                              3)My fraking EHR does it's password changes in a popup window that LP can't see into, so LP's password change mechanism doesn't work forcing users to change it manually, then updating the vault manually.
                            3. Our timeclock provider (web based) requires there pieces of information when logging in (username, password, last 4 of SSN) - LP has a very hard time reading the field names correctly and thus storing the password and SSN correctly. It normally takes me 15 mins to get that working for users (deleting the vault entry, manually updating specific fields, sometimes deleting fields and readding them, etc)
                              5)LP won't fillout passwords for sites/applications inside a Citrix session
                            4. Not sure this is an issue anymore, but LP being installed into the browser had an adverse affect on performance in one area of our EHR, removing it and the timeout issue was gone. Found no way to tell LP to ignore the page, yet still allow LP to be used for the EHR main logon. (and not sure there was a way to completely disengage LP on any given site at all)

                            Now perhaps a different password manager would get around most or all of these problems.. but I haven't had time to look into it. Of course, a different password manager won't solve 1 or 2.

                            I feel your struggle. At least for 1 LP offers some nice plan english security descriptions of their service and for 2 you can force only be logged onto one device at a time as rule (I think there's a timeout setting as well).

                            Because my manager/boss doesn't like it - and the doctors will refuse to use it due to using literally dozens of computers, many of which we do not manage, so LP won't be on them - there is no way management/the board would approve purchasing LP Enterprise for staff.

                            1 Reply Last reply Reply Quote 0
                            • DashrenderD
                              Dashrender @scotth
                              last edited by

                              @scotth said in Deploying a password manager product to an entire company?:

                              @Dashrender said in Deploying a password manager product to an entire company?:

                              @Dashrender said in Deploying a password manager product to an entire company?:

                              @scottalanmiller said in Deploying a password manager product to an entire company?:

                              @Dashrender said in Deploying a password manager product to an entire company?:

                              my physicians don't use the same device all the time, they move constantly. Plus they won't even log out of the EHR when they leave an area, why would they bother to log out of LP?

                              Because, I don't know, HIPAA?

                              Don't get me started.

                              Drs who practice out and out hate HIPAA - borderline don't give a shit about your privacy... they care about having whatever whenever as easy as possible. Many of them don't see the benefit to privacy/security.

                              I did a camera installation for a doctor purchased from CostCo - maybe $350 because HIPAA. Checked his office PC's. All running XP, transacting over the internet after 7 had been out for over 5 years. Got him a quote for all 8 workstations updated to 7 and a mini server with backups for around $8k. He turned red, choked and almost died on the spot.

                              Another reality is that many Drs offices run on a shoestring budget... most GPs only make around $120K/y. I'm in no way surprised he choked.

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @Dashrender
                                last edited by

                                @Dashrender said in Deploying a password manager product to an entire company?:

                                Another reality is that many Drs offices run on a shoestring budget... most GPs only make around $120K/y

                                How can it be that low? I mean, I agree that it should be that low, the average GP isn't very good and other than paying off their student loans rarely earns a market value much above the ability to eat, but that seems ridiculously low when a department manager at a Walmart in a low cost area can easily make double that.

                                DashrenderD IRJI 2 Replies Last reply Reply Quote 0
                                • DashrenderD
                                  Dashrender @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Deploying a password manager product to an entire company?:

                                  @Dashrender said in Deploying a password manager product to an entire company?:

                                  Another reality is that many Drs offices run on a shoestring budget... most GPs only make around $120K/y

                                  How can it be that low? I mean, I agree that it should be that low, the average GP isn't very good and other than paying off their student loans rarely earns a market value much above the ability to eat, but that seems ridiculously low when a department manager at a Walmart in a low cost area can easily make double that.

                                  Don't ask me - just some stat I read in a journal years ago.... I suppose it could be higher today.

                                  1 Reply Last reply Reply Quote 0
                                  • IRJI
                                    IRJ
                                    last edited by

                                    HIPAA is so lax that the only real solution is to throw it out and replace it with something decent like in the EU. EU is definitely the leader in privacy.

                                    1 Reply Last reply Reply Quote 1
                                    • IRJI
                                      IRJ @scottalanmiller
                                      last edited by

                                      @scottalanmiller said in Deploying a password manager product to an entire company?:

                                      @Dashrender said in Deploying a password manager product to an entire company?:

                                      Another reality is that many Drs offices run on a shoestring budget... most GPs only make around $120K/y

                                      How can it be that low? I mean, I agree that it should be that low, the average GP isn't very good and other than paying off their student loans rarely earns a market value much above the ability to eat, but that seems ridiculously low when a department manager at a Walmart in a low cost area can easily make double that.

                                      A walmart manager makes $240k in a low cost area?

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @IRJ
                                        last edited by

                                        @IRJ said in Deploying a password manager product to an entire company?:

                                        @scottalanmiller said in Deploying a password manager product to an entire company?:

                                        @Dashrender said in Deploying a password manager product to an entire company?:

                                        Another reality is that many Drs offices run on a shoestring budget... most GPs only make around $120K/y

                                        How can it be that low? I mean, I agree that it should be that low, the average GP isn't very good and other than paying off their student loans rarely earns a market value much above the ability to eat, but that seems ridiculously low when a department manager at a Walmart in a low cost area can easily make double that.

                                        A walmart manager makes $240k in a low cost area?

                                        Department manager, yes. Store managers, way more.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller
                                          last edited by

                                          Walmart store manager near me (I'm in one of the lowest cost major metros in the country) was in the $400K range. Which makes sense if you think about the volume of business a Walmart does and their need to have skilled people in those roles. If you can't pay prevailing wages, you'd be screwed. Department managers (real ones, not office managers) in finance can be $300-850K in a low cost area (easily seven figures in high cost ones) as a comparison for a competitive type job that depends primarily on broad management and business skills.

                                          1 Reply Last reply Reply Quote 0
                                          • NDCN
                                            NDC
                                            last edited by

                                            @scottalanmiller said in Deploying a password manager product to an entire company?:

                                            Walmart store manager near me (I'm in one of the lowest cost major metros in the country) was in the $400K range. Which makes sense if you think about the volume of business a Walmart does and their need to have skilled people in those roles. If you can't pay prevailing wages, you'd be screwed. Department managers (real ones, not office managers) in finance can be $300-850K in a low cost area (easily seven figures in high cost ones) as a comparison for a competitive type job that depends primarily on broad management and business skills.

                                            Probably not definitive but Glassdoor suggests ~140k on average for Walmart store managers. That would put your acquaintance well on the north end of what people are reporting for compensation for that position.

                                            scottalanmillerS DashrenderD 3 Replies Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post