Slashdot Mirror


Ask Slashdot: Open Source Multi-User Password Management?

An anonymous reader writes "I work in a network environment that requires multiple people to have access to numerous Wireless Access Keys, iTunes/iCloud accounts/passwords, hardware appliance logins, etc. I'm attempting to replace the ever popular 'protected' excel spreadsheet that exists in almost every network with all usernames and passwords just waiting to be discovered. Are there any open source, multi-user, secure and preferably Linux-based password management tools that the Slashdot community would recommend?"

116 of 198 comments

  1. Better than the last place I worked at by Hamsterdan · · Score: 4, Funny

    It was all done on a network drive in Notepad. (Ironic thing is it was a security-related department)

    --
    I've got better things to do tonight than die.
    1. Re:Better than the last place I worked at by Anonymous Coward · · Score: 1

      If only there was +1 sad..

    2. Re:Better than the last place I worked at by jtownatpunk.net · · Score: 4, Interesting

      I once had a job where the list was kept on a printed page stored in a locked filing cabinet (no, it wasn't in the basement).

    3. Re:Better than the last place I worked at by Anonymous Coward · · Score: 4, Funny

      Was it in a disused lavatory with a sign on the door saying 'Beware of the Leopard'?

    4. Re:Better than the last place I worked at by rwa2 · · Score: 1

      Heh, the best thing that I could come up with in a Wintel-centric environment was an encrypted zip file containing an excel spreadsheet. The master password would be periodically rotated and sent to people in an encrypted email.

      We had access to Keepass or something similar, but our management couldn't be bothered to install it from the depot :P

    5. Re:Better than the last place I worked at by rwa2 · · Score: 1

      Oh yeah, but it sucked because opening an excel spreadsheet in a zip file would cause it to be extracted to the temp dir first :P

    6. Re:Better than the last place I worked at by forkazoo · · Score: 4, Informative

      We use phpchain at work for this sort of thing. A few hundred accounts for various servers, devices, vendor support accounts, and logins for accounts at companies we work with. All stored securely. Google it if you aren't familiar with it. It has been a huge win for us, and does everything asked for. We even wrote a simple search functionality for it that I think has been rolled into mainline at this point. Certainly better than a plain text file on a shared drive!

      (tried posting this previously, but I wasn't logged in. Trying again now that I have gotten home. Hopefully it is more noticeable now.)

    7. Re:Better than the last place I worked at by mortonda · · Score: 2

      And the lights were off, and the stairs were broken!

    8. Re:Better than the last place I worked at by halfnerd · · Score: 1

      Can you actually share a password with several users using phpchain? It seems to me like everyone only has access to their own passwords.

    9. Re:Better than the last place I worked at by Prosthetic_Lips · · Score: 1

      When our last SysAdmin left, he left us an unencrypted Excel file of passwords. Since he used it as his central repository of passwords, not just for our local group that he was supporting, that gave us several passwords that were outside of our control. It actually has come in handy; previously we had to request some changes from IT (e.g. a DNS change for a staging website), and now we are able to do that ourselves.

      Of course, an Excel file on a shared drive would not be my suggested solution! And if you think Excel's password capability is useful, I'd suggest doing a Google search -- there are a LOT of programs that can crack that. I've had to use one, on a spreadsheet that was read-only without a password that a previous employee left us. It took all of a few minutes for the program to come up with a solution. Passwords that only keep the good guys out are not worth it.

    10. Re:Better than the last place I worked at by qubezz · · Score: 4, Informative

      It sounds like the asker is in an enterprise windows network. What you might use yourself is different from what you replace an Excel spreadsheet with on your company's network.

      I have deployed and administered Network Password Manager. A bland name for a very good Windows-only password manager. It has a real client and server, AES encryption, lets you create a tree of passwords, and access control to different parts of the tree is done with active directory, meaning you can let an "accountants" and/or "bookkeepers" group in your directory have read-only access to a tree "financial passwords", and a "managers" group or particular users can have modify or admin access to those passwords. This means you can just update personnel changes in active directory instead of having another program where you must update rights for every user. On dismissal, you can review passwords that the user had access to and reset just those apps/sites. Individual users can also have their own tree for their convenience that nobody else can access, although if I recall, the system admin can see all passwords.

      This degree of rights control is very useful when you run several different programs on your own network with different user accounts, along with vendor account sites (ordering, financial, billing, shipping, etc.) where you have to bend to another company's account and password system, which might give your whole company only one or a few logins.

      For my own stuff, I have text files (both flat and encrypted), passworded Firefox password manager, and Blackberry Password Keeper. A $50 Blackberry (with no SIM card if you have something to hide) makes for a better password device than anything purpose-built you can buy; with encrypted disk storage, encrypted password storage, and no-touch USB backup, it is pretty secure - you can set it to wipe itself if a bad password is entered just three times, it can take different passwords to unlock the device vs getting to password keeper, you can install "decoy" password apps, and there are no biometrics that can bypass protection (showing it a picture of you, or using your removed fingers or eyeballs).

    11. Re:Better than the last place I worked at by VortexCortex · · Score: 1

      We use phpchain at work for this sort of thing.

      Uhm. You are aware that using PHP for anything security related is like making a vault door out of lit sticks of dynamite, right?

    12. Re:Better than the last place I worked at by dave420 · · Score: 1

      Incorrect.

    13. Re:Better than the last place I worked at by History's+Coming+To · · Score: 4, Funny

      It's not a bad idea in principle. I have a client which has lots of outlets and each uses around 10 different logins for various services; I supply them with a printout each month and they keep it locked in a safe at head office. There's also a little encryption on it to stop casual usage (the passwords aren't the real passwords, they've been altered using an algorithm that only two company directors know).

      Of course, a filing cabinet isn't the best option, Feynman proved this by breaking into many of them at Los Alamos and leaving little notes. Instead of changing the security systems the military put out a memo saying that Prof Feynman was not to be left alone with a filing cabinet.

      --
      Please consider this account deleted, I just can't be bothered with the spam anymore.
    14. Re:Better than the last place I worked at by Spiked_Three · · Score: 1

      It was a question, it therefore can not be incorrect.

      If you are referring to the question's assumptions, perhaps it would be better phrased as 'statistically, people who use php write horrible code from a security perspective, most of the time'.

      --
      slashdot troll = you make a compelling argument I do not like the implications of.
    15. Re:Better than the last place I worked at by forkazoo · · Score: 1

      We just use a shared account for "engineering department (location XYZ)" passwords. You can also have an individual account if you want to have private passwords, and you could put the password for any shared phpChain accounts you need to access in your private phpChain account. We have it running on an internal server, rather than something exposed to the Internet, so the danger of a breach is minimal. (If anybody makes it that far, we are already hosed.) But, the passwords are all stored in an encrypted form, so we could safely send backups offsite if we needed to, etc. Also, you need to log into the page with a normal HTTP login (which is tied to the NIS account you use everywhere on our network) before you log in with the shared phpChain account, so we have an audit trail wrt which individual person accessed what, despite using shared accounts.

    16. Re:Better than the last place I worked at by forkazoo · · Score: 1

      Uhm. You are aware that using PHP for anything security related is like making a vault door out of lit sticks of dynamite, right?

      There is nothing inherently dangerous about PHP. But, the phpChain login page is secured behind a normal HTTP / Apache login. So, we have it set up so you have to be logged in as a valid user before you can even see the phpChain login page. It's also on an internal server, so it can't be accessed from the Internet. (Or, if you can, we have far greater security concerns to take care of first!)

      Lots of very large web sites use PHP in public facing applications every day. From what I understand, that includes Facebook. While it's easy to make vulnerabilities in PHP, there isn't any language where it is especially difficult to make them. In general, you introduce vulnerabilities in proportion to the amount of pieces that are in motion. Something like phpChain really only does a few small things, so it is easy to see how every feature interacts with every other feature. Compared to something like Wordpress, something like phpChain is much easier to get right. It doesn't need to give content to untrusted users. It doesn't need to interoperate with other sites. It doesn't need feeds or pingbacks. It doesn't support public comments. It doesn't do embedded flash. It doesn't need a full SQL backend. It just stores some passwords. And, it does it well.

    17. Re:Better than the last place I worked at by Mr.+Slippery · · Score: 2

      'statistically, people who use php write horrible code from a security perspective, most of the time'.

      True. However, it's also true that statistically, people who use C++ write horrible code from a security perspective, most of the time. And people who use Perl write horrible code from a security perspective, most of the time. And people who use Java, Python, COBOL, etc., write horrible code from a security perspective -- indeed, horrible code in general -- most of the time.

      There is not now, nor will there ever be, a language in which it is difficult to write bad programs.

      --
      Tom Swiss | the infamous tms | my blog
      You cannot wash away blood with blood
    18. Re:Better than the last place I worked at by Coren22 · · Score: 1

      NPM looks interesting. Personally, I implemented Password Safe: http://passwordsafe.sourceforge.net/ Unfortunately, it does not handle multiple users, though I suppose you could have multiple files with different passwords and a master file with all the passwords.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    19. Re:Better than the last place I worked at by Anguirel · · Score: 1

      There is not now, nor will there ever be, a language in which it is difficult to write bad programs.

      Don't be silly... there are plenty of languages where it's difficult to write any program.

      --
      ~Anguirel (lit. Living Star-Iron)
      QA: The art of telling someone that their baby is ugly without getting punched.
    20. Re:Better than the last place I worked at by Spiked_Three · · Score: 1

      haha, good point. I'm glad you left c# out of it :)

      --
      slashdot troll = you make a compelling argument I do not like the implications of.
  2. Wallet by tskirvin · · Score: 5, Informative

    Wallet is a Kerberos-based secret management tool. It works well for me.

    1. Re:Wallet by miknix · · Score: 2

      Gringotts is a secure notes manager for Linux and other UNIX-like systems. I've been using it to store passwords for more than three years.

  3. KeePassX by Anonymous Coward · · Score: 5, Informative

    KeePassX (v1) comes in the Fedora and Ubuntu repositories, and has Windows binaries. You can use simultaneous key and password encryption (if you're worried about keyloggers, or if you have to share the password in an unsafe way). It can also generate passwords of varying complexity.

    1. Re:KeePassX by Anonymous Coward · · Score: 1

      +1 for KeePass

      I started using it in 2009 and haven't looked back.

      It works great with my Ubuntu and Windows mix. I keep it on a USB drive.

    2. Re:KeePassX by Sam+the+Nemesis · · Score: 3, Interesting

      I keep it on a USB drive.

      Better still, I keep my DB on Dropbox, so it is available anywhere I go - no need to carry a USB pen drive.

    3. Re:KeePassX by rvw · · Score: 1

      I keep it on a USB drive.

      Better still, I keep my DB on Dropbox, so it is available anywhere I go - no need to carry a USB pen drive.

      I keep a master keepass file on my laptop. When I change it, I copy it to my dropbox folder, and there I even make two copies, one to my shared folder, which is shared with my work dropbox account. That means it is synced to my work computer as well. At work I use a different keepass database, and copy that to the same shared folder. I even sync it to the phone via dropbox, but on the phone I rarely update dropbox files. That means I have an old version of the database there. That isn't a big problem though. For most of what I need it's sufficient. When at work, I don't change the home master db, or I make a copy with a different name.

    4. Re:KeePassX by Rich0 · · Score: 1

      My main issue with KeepassX is that it isn't capable of running solely with an extension or bookmarklet, which means that it won't work on every OS I have. I use Lastpass as a result, though I'd prefer something equivalent that is open-source...

  4. KeepassX in a Dropbox folder by DarkFencer · · Score: 1

    KeepassX in a Dropbox (or some similar sharing) folder works great. More secure encryption than Excel and better for the purpose.

    1. Re:KeepassX in a Dropbox folder by leuk_he · · Score: 1

      Is it more secure?

      Isn't it the same as an Excel sheet with a master password on it?

      (Ok, keepass is way cheaper than an Excel sheet)

    2. Re:KeepassX in a Dropbox folder by Anonymous Coward · · Score: 1

      Excel passwords are easy to crack, google for "advanced office password breaker".

    3. Re:KeepassX in a Dropbox folder by rvw · · Score: 1

      Is it more secure?

      Isn't it the same as an Excel sheet with a master password on it?

      (Ok, keepass is way cheaper than an Excel sheet)

      I wouldn't know if it's more secure. Do you trust MS on this? Do they have a backdoor? Okay, keepass could have a backdoor as well.

      Keepass is better because it's designed for it. It has a password generation tool, and it has some handy options. You have a list of keys, possibly organized in folders. If you open a list, you can set KP to not display usernames and/or passwords. So if someone is looking over your shoulder, they cannot see your password. CTRL-C and you copy your password, and then you can paste it into a password field on a website. CTRL-B copies your username. CTRL-V enters username and password in web forms that only have those two fields. Sometimes it doesn't work, but if it does it's simple and great.

    4. Re:KeepassX in a Dropbox folder by Prosthetic_Lips · · Score: 1

      +1

      I had to "find" a password for an Excel spreadsheet from a previous employee, and it took 1 download and a few minutes to crack the password. NOT good password encryption from the boys in Redmond. Or, perhaps they were forward-thinking and were trying to give the gummit an easy back door....

    5. Re:KeepassX in a Dropbox folder by frodo+from+middle+ea · · Score: 1

      Okay, keepass could have a backdoor as well.

      Keepass is opensource, if a backdoor existed, it would have been found out, reported, and closed for good. That's what open source is good at.

      --
      for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
    6. Re:KeepassX in a Dropbox folder by PieterGen · · Score: 1

      Keepass is opensource, if a backdoor existed, it would have been found out, reported, and closed for good. That's what open source is good at.

      As a rule of thumb yes, but only if (!!) enough users / developers take the time to read the code and find anomalies.......

  5. Team Pass by dark12222000 · · Score: 1

    I've used Team Pass (site here) for a few months now. It works well enough. It's at least as secure as an excel sheet. It is however web based, so make sure to lock it down appropriately...

    1. Re:Team Pass by Bert64 · · Score: 1

      Of course, the app will probably shit itself the first time someone puts a ' in their password, or else return the wrong information for passwords containing \

      You're referring to sql injection or magic quotes, and those who rely on the latter to prevent the former.
      If coded properly (ie using prepared statements for the db calls!) this won't be a problem, and it's just as easy to write poor code in other languages.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  6. KeePass by DiSKiLLeR · · Score: 1

    KeePass?

    Works on Windows, Linux, OSX, iPhone, Android, and more.

    You can even store the password database on the cloud if you wanted...

    --
    You can tell how powerful someone is by the magnitude of the crime they can commit and be able to get away with.
  7. Why are you even considering this? by NemoinSpace · · Score: 1

    Go to your desk drawer. Inside there will be 3 numbered envelopes...

    1. Re:Why are you even considering this? by Anonymous Coward · · Score: 2, Funny

      Is one an offer letter for you from my firm? Because it's been rescinded...

  8. KeePass by st0nerhat · · Score: 5, Informative

    KeePass satisfies all of your criteria:
    • Open Source: It uses an OSI-certified license.
    • Multi-user: You can throw the database on a Samba, NFS, etc. share and it will merge changes between different users that have the DB open at the same time.
    • Secure: Supports multi-factor authentication.
    • Linux-based: Works with Mono.

  9. GPG + Dropbox by dw · · Score: 1

    At work, we use gpg to encrypt our password file for specific recipients, and place that file in a dropbox share. On occasion, we'll generate a snippet of the file and encrypt it for a specific user (junior admin) and place it in the same location.

    Arbitrary complexity is often contrary to trustable security. If you really trust your encryption scheme, then it shouldn't matter where you store it (windows share).

    1. Re:GPG + Dropbox by WuphonsReach · · Score: 2

      We create separate files by service and encrypt the contents with GPG (regular old text files with ASCII armored encryption blocks).

      Dead simple, other than the GPG key management and passing around public keys. There's also the issue that every time you add someone new, you need to re-encrypt all the files (but that's a key management / PKI issue).

      Since they're regular text files, they can be emailed, printed, faxed, OCR'd, stuffed in envelopes / safes, etc. We stuff ours into a version control system for simplicity.

      It's also a good method to use for personal accounts. Create 1 file per account / service and just encrypt the contents with GPG.

      --
      Wolde you bothe eate your cake, and have your cake?
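The "re-encrypt all the files when someone new joins" step that the two posts above describe, written out as an added shell example (this is not dw's or WuphonsReach's own script). It assumes one ASCII-armored `*.asc` file per service in a directory, a roster file listing one GPG key ID or e-mail address per line (a constructed format, with `#` comment lines), and `gpg` on the PATH with all recipients' public keys already imported; the roster-to-arguments function is pure shell and runs without gpg.

```shell
# Added example (not from the thread): re-encrypt every per-service
# secret file to the full recipient roster after the roster changes.
# Assumes: gpg on PATH with the recipients' public keys imported, a roster
# file of one key ID or e-mail per line ('#' lines are comments, constructed
# format), and secrets stored as ASCII-armored *.asc files in one directory.

# Turn a roster file into gpg "-r ID" arguments, one pair per recipient,
# skipping blank lines and comments. Output is space-separated on one line.
roster_to_recipients() {
    roster="$1"
    args=""
    # the '|| [ -n "$line" ]' keeps a final line that lacks a trailing newline
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|\#*) continue ;;
        esac
        args="$args -r $line"
    done < "$roster"
    # strip the leading space
    printf '%s' "${args# }"
}

# Re-encrypt one armored file in place: decrypt with your own key (gpg-agent
# prompts for the passphrase) and encrypt to every roster member. The output
# goes to a temp file first so a failed gpg run never truncates the original.
reencrypt_file() {
    file="$1"; roster="$2"
    recipients=$(roster_to_recipients "$roster")
    tmp="$file.tmp.$$"
    # shellcheck disable=SC2086  # word-splitting of $recipients is intended
    gpg --quiet --decrypt "$file" | gpg --quiet --armor --encrypt $recipients --output "$tmp" \
        && mv -f "$tmp" "$file"
}

# Re-encrypt every *.asc file in a directory (the "someone new joined" step;
# the same run also drops anyone removed from the roster from future copies).
reencrypt_all() {
    dir="$1"; roster="$2"
    for f in "$dir"/*.asc; do
        [ -e "$f" ] || continue
        reencrypt_file "$f" "$roster"
    done
}

# Usage (not run at load time):
#   reencrypt_all /srv/secrets recipients.txt
```

Removing a recipient from the roster and re-running does not revoke anything they already decrypted; it only stops them reading future versions, which is the caveat the post's "key management / PKI issue" remark points at.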
  10. Of course, by iplayfast · · Score: 1, Funny

    You can use notepad...

  11. Re:KeePass by ArsonSmith · · Score: 1

    sure wish webkeypass wasn't a pile of crap.

    --
    Paying taxes to buy civilization is like paying a hooker to buy love.
  12. Password Safe by matt-fu · · Score: 4, Informative

    Out of all of the stuff I've tried for team password management, my favorite is Password Safe. I haven't tried the Linux port but apparently there are a couple: http://passwordsafe.sourceforge.net/relatedprojects.shtml The ONLY reason it beats a GPG encrypted password file is ease of use. Ideally you are hiring people who can deal with GPG but my experience is that it can be a decent learning curve just to get people to not use notepad.

    1. Re:Password Safe by lewko · · Score: 4, Informative

      No real surprise. He recommends it because he designed it.

      --
      Do you or your partner snore? - Visit www.snoring.com.au
    2. Re:Password Safe by quintus_horatius · · Score: 1

      We use Password Safe in Windows and pwsafe in Linux - they can access the same file if it's on a cifs share.

    3. Re:Password Safe by neonsignal · · Score: 1

      Of the Linux versions

      1) mypasswordsafe is no longer maintained

      2) password gorilla is not particularly fast

      3) pwsafe is still in beta

      Having said that, they all seem to work fine with no major issues. The last one is the most similar to the current Windows version.

    4. Re:Password Safe by Rheingold · · Score: 1

      We use the command-line implementation http://sourceforge.net/projects/pwsafe integrated with revision control. It has a 2-way merge feature, which makes it mostly usable with revision control, even though it's a little more tedious than necessary, since you have to manually accept or reject individual changes. For a while I've wanted to implement 3-way merge so that most merges can be automatic but I will probably never get around to doing so.

      The downside of the CLI pwsafe is that it supports only v2 PasswordSafe databases which fortunately works with most other interfaces but lacks some features. The other downside (especially in comparison with a GPG-encrypted file) is the lack of an agent, which regrettably means that very often terminal access is done by 'pwsafe --exportdb | less'.

      There is also at least one Android app that can read the database file format: https://play.google.com/store/apps/details?id=com.jefftharris.passwdsafe

      This is the best solution that I've found.

      --
      Wil
      wiki
  13. WebPasswordSafe by Anonymous Coward · · Score: 1

    http://www.webpasswordsafe.net is open source and multi-platform... "Web-based, multi-user, secure password safe/manager with delegated access controls"

  14. TiddlyWiki with TiddlerEncryptionPlugin by lyallp · · Score: 1

    http://tiddlywiki.com/ http://remotely-helpful.com/TiddlyWiki/TiddlerEncryptionPlugin.html The tiddlywiki is a wiki that runs in a single html file using javascript, where each 'page' is called a 'tiddler'. The encryption plugin allows you to apply a password to an individual tiddler or group of tiddlers. You can make the tiddlywiki public; they can see all the unencrypted tiddlers but only read the ones for which you have supplied the passwords.

    --
    ...Lyall
  15. Re:KeePass by Anonymous Coward · · Score: 1

    You can even store the password database on the cloud if you wanted...

    Why is this a good idea?

  16. This is definitely an "itch"... by mlts · · Score: 1

    There isn't really anything open source that I know of that is good at multi-user password management. I've seen enterprise appliances that offer this, but those are upwards of $10,000 for a glorified 1U rack PC with locking bolts.

    The best way I'd go about this is have the two top security guys in the firm build a Linux or BSD box with whole disk encryption that is locked away somewhere.

    As an alternative to Linux, one could use Windows and BitLocker, then VMWare Server or Workstation. This provides protection from physical attack, although nothing is 100%.

    This box would have multiple VMs on it for isolation.

    One VM would have a RDBMS which can encrypt tables/rows/columns that can be backed up somehow, with the keys obviously stored well away. This would allow for database backups without compromising the stored passwords.

    The second one would have the backend web application and Web server, each running in different security contexts, so an Apache compromise won't get much.

    As for authentication, that exercise is left to the reader. Username and password over SSL is the minimum.

    1. Re:This is definitely an "itch"... by hawkinspeter · · Score: 1

      I think you're over complicating things and you haven't considered what happens in a disaster scenario when you need to access the passwords, but don't have access to your usual hardware.

      KeePass with the file stored in a DropBox folder would be a lot easier.

      --
      You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
    2. Re:This is definitely an "itch"... by Hognoxious · · Score: 1

      The best way I'd go about this is have the two top security guys in the firm build a Linux or BSD box with whole disk encryption that is locked away somewhere.

      And then don't switch it on, ever.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  17. The most secure I've found by blake1 · · Score: 1

    Neither of these are open-source or linux-based, but... Cyber-Ark is the most secure solution I've come across - multi-factor authentication, as well as presenting passwords through a portal rather than granting access to the password file itself. Citrix had a similar solution, Citrix Password Manager, but I believe it is now EOL. For it to provide any real level of security the database needs to be abstracted from the users, otherwise it can easily be copied offline and brute forced. "Use a secure password" you say? Of course, but where do you record this 128-bit randomised password?

  18. VIM+OpenSSL by Anonymous Coward · · Score: 3, Interesting

    http://www.vim.org/scripts/script.php?script_id=2012

    Unlike and better than the majority of the password-saferizers out there, this keeps your passwords in a file which is both decryptable with standardized tools and in a human readable format (assuming you typed human readable usernames/passwords in the first place!)

    Ten years from now you'll still be able to decrypt your files, and you can share them with people who don't have the editor plugin.

    1. Re:VIM+OpenSSL by Anonymous Coward · · Score: 1

      No need to involve OpenSSL since VIM 7.3. Use:

      echo "set cryptmethod=blowfish" >> .vimrc
      vim -X password_file

      Done.

      Afterwards you open/close it normally like any other file (vim password_file), and, unlike the OpenSSL plugin, you don't need to provide a passphrase again twice when exiting a changed file.

      It's semi-multi-user. If someone already has a copy open, it will give you the usual warnings about the .swp file, but will let you open it read-only. In fact, it's prudent to always open it read-only (make an alias) by default anyway.

    2. Re:VIM+OpenSSL by Anonymous Coward · · Score: 1

      Sorry:

      vim -x password_file

      It is :X, however, if you already have a file open and want to write it out encrypted. Make sure you're using blowfish (default is insecure).

  19. Not the author here... by jjoelc · · Score: 3, Insightful

    I'm not the author, but am also watching this thread for answers...

    I'd love to find something truly multi-user... Multi user in the sense that not every user would have access to all of the passwords stored in the database. Where I could set up groups and which passwords were available to a user would depend on the group they were a part of. For example, I might not mind all employees being able to look up the keys for the wireless network, but only those in the IT department having access to the admin logins for the wireless router... There are many many other examples, but hopefully you understand the gist...

    Any suggestions?

    1. Re:Not the author here... by Hatta · · Score: 1

      I'd love to find something truly multi-user... Multi user in the sense that not every user would have access to all of the passwords stored in the database.

      Why should more than one user ever be able to access a password? One user, one account, one password, never disclosed to anyone under any circumstances whatsoever. If you need multiple users, that's what multiple user accounts and permissions are for. Anything else is just begging for trouble.

      --
      Give me Classic Slashdot or give me death!
    2. Re:Not the author here... by Prosthetic_Lips · · Score: 1

      Standard machine builds with an Admin / root password? When the machine flakes out and cannot connect to a domain controller, you need a local account.

      Databases with "sa" account? There are some things that the database will not let an "admin" do, only the DB owner.

    3. Re:Not the author here... by Hatta · · Score: 1

      1) That's what sudo is for.
      2) That sounds like a database with a broken permissions system.

      --
      Give me Classic Slashdot or give me death!
    4. Re:Not the author here... by danbeck · · Score: 2

      Look, it must be all black and white there being the printer admin of your 5 man real estate office, but out in the real world, it never, NEVER works like that.

      A short list of the billion reasons why you would need what the OP is asking for:
      Web services that require a single primary administrative/billing account
      Company twitter accounts and other social media accounts
      Networking equipment that only allows multi-user auth through RADIUS
      admin/root passwords for: databases, servers
      common mail accounts shared by multiple users
      common account of any random type used by more than one person that doesn't allow multi-user access
      Non-enterprise wireless access points
      Proprietary commercial software that requires a primary admin account
      Random bits of secure information that aren't necessarily a password, but need to be accessed by multiple users

      See, when you have to worry about more than out-of-toner messages on your HP Laserjet II, or your 5 XP laptops you connected to that AD controller, it's not all cut and dry.

    5. Re:Not the author here... by danbeck · · Score: 1

      Awesome, you have it all figured out! We can just go ahead and close this Ask Slashdot then since Hatta has our answer.

    6. Re:Not the author here... by KookyMan · · Score: 1

      I think one way you could make KeePass multiuser is the following setup. Keepass itself isn't, but by utilizing the existing groups of AD/*nix I think you could actually have an efficient way of doing this.

      Create Keepass (v2.x) databases, one per group that you have. All the databases can share a common password if you want (won't affect security). When you create them, ensure all have a keyfile as well as a password. I would suggest naming them something like: Database-General, Keyfile-General; Database-Local Admins, Keyfile-Local Admins; Database-Group C, Keyfile-Group C. Distribute the common password to those individuals who need access to the shared passwords.

      Simply set the read permissions on the various key files to the respective groups that these individuals should be a member of. (Alternative would be just set the read permissions on the databases as well, but if you have local keyfiles you can post the databases to an intranet website, while spreading the access key files around the file system into default drives/directories.)

      This means you will have multiple databases, but it shouldn't be unmanageable unless you use uber-fine granularity (3 people need one password, but are three different groups and nobody else needs that password.)

      One benefit to keepass as well is in certain situations you can create a config file that will over-ride user preferences. Read the help file, I've never had a need to configure it but I think with AD policy you could make use of it.

    7. Re:Not the author here... by Dynedain · · Score: 1

      You already have user access groups setup on the filesystem level. If you need different people to have different access to the password database, then split it into multiple databases, and take advantage of your existing filesystem (and hopefully domain) permission structure.

      --
      I'm out of my mind right now, but feel free to leave a message.....
  20. corporate vault by Anonymous Coward · · Score: 1

    You can look at Corporate Vault - http://sourceforge.net/projects/corporatevault/

    It's web based and you can create various groups with different level of access

  21. SFLvault by anarcat · · Score: 4, Informative

    I have been keeping an eye on this project for a while. To quote their description: "SFLvault is a Networked credentials store and authentication manager. It has a client/vault (server) architecture allowing to cryptographically store and organise loads of passwords for different machines and services."

    The design seems sound, and it is a server/client model which seem to fit well your "multi-user" requirement, which isn't fulfilled by any other password manager that I know of. It can also automagically log you into different services like SSH, MySQL or sudo and can do multi-hop.

    The only issue I have found so far is that installing the server component is a bit of a pain (i.e. no Debian package, as opposed to the client side)... but I guess this really depends on the "Linux" environment you are using...

    I have been maintaining a list of FLOSS password managers in our public wiki for a while, any suggestions not mentioned there are welcome.

    --
    Semantics is the gravity of abstraction
    1. Re:SFLvault by wackysalut · · Score: 1

      Hi,

      I've read the SFLvault section on your wiki. Actually, SFLvault-server uses SQLAlchemy, so it can use MSSQL/MySQL/PostgreSQL/Oracle/SQLite, etc... It's just easier to deploy with SQLite :) Other things to note are that it is scriptable in Python... we also recently updated the Debian packages, and Simon Piette packaged an .rpm for Fedora (for the client). The server is better installed in a python virtualenv, so the versions don't conflict with system-wide python libs.

      We've also ported the server to Pyramid (it was initially Pylons), wrote a bunch of tests, and wrote some documentation to be published on Readthedocs.org.

      Any help is welcome :)

      (disclaimer: I'm the author, sorry for the shameless plug, thanks for the reference :)

  22. Multi-user? by anarcat · · Score: 1

    Is it multi-user however?

    --
    Semantics is the gravity of abstraction
    1. Re:Multi-user? by Electricity+Likes+Me · · Score: 2

      KeePass 2 can be run on Mono and is multi-user for the databases - you all need the same password to decrypt the database however, but it does allow simultaneous shared access.

    2. Re:Multi-user? by Kalidor · · Score: 4, Informative

      This! KeePass2 on a shared drive is how my team does it. A shared database with generic passwords and shared resources, and some of us keep our own DBs with our more accountable user ids. Because it's got the tabbed feature it's super easy to have both databases available, and with the advanced features available when you dig a little bit deeper into the entries, it's really versatile.

      As the previous poster mentioned it can be run on Mono, and works quite well actually. It also has readers for most cellphone OSes so syncing it to our phones is an option. Being able to access our DB even at a colleague's desk, or when ssh'ing in from my phone has proven to be a real convenience at times.

      I don't think I've seen them claim military grade encryption anywhere, but it's pretty strong. The system also allows you to increase the encryption rounds to suit your taste and tolerance. Much of this hardening however is only partially supported in the 1.x flavours of KeePass.

      --

      Code softly but carry a big magnet.

    3. Re:Multi-user? by Anonymous Coward · · Score: 1

      And webscale. It has to be webscale.

    4. Re:Multi-user? by Anonymous Coward · · Score: 2, Informative

      This! KeePass2 on a shared drive

      You can go one better than a shared network drive by saving to a URL.
      Specifically, set up a subversion server with WebDAV enabled. This way you can always go back to an old version if your db gets corrupted in any way. Subversion hook scripts can be used for implementing a backup plan (we use one to sync our keepass svn repo to a read-only mirror on a remote site.) The apache ldap auth module can be used to control access (this is on top of the actual keepass db password).

    5. Re:Multi-user? by Prosthetic_Lips · · Score: 1

      I use KeePass personally. It has the capability to open multiple databases of passwords, each with their own passwords. I put my wife's logins into one, and mine into the other one.

      I thought about how to use it at work (other than just putting my work ones into my personal database), and the synchronization is pretty awesome. You keep a local copy, and periodically you can sync it (it even remembers recent DBs you have sync'd with), so the shared one is still updateable. I'd suggest that over the multi-user model, only because then you have a local copy if the network goes down. Someone else suggested rotating the passwords; you can open the database and change the master password, and it re-encrypts with that one. You won't be able to sync with older DBs at that point, so you'd want to do it after you were sure everyone had their changes in (sort of like a lenient version control system).

      As a previous poster noted, it even has ports for some smartphones. I copy my DB to my phone periodically; all of my userids and passwords are available from my phone (after typing the master password, of course).

      My biggest draw for using it personally was the Firefox integration. It detects the form, and stores the userid/password in a format that can be auto-typed for you. No worry about keyloggers! If it doesn't detect the form (some weird, non-form-based sites, like AT&T), you still have the option to copy the userid or password to the clipboard with a menu click, so you are not just using your eyeballs to copy-and-paste (and worry about a keylogger).

      It doesn't do the integration on my phone (not running Firefox there), but once you "open" a site, you have notification options for "copy userid to clipboard" or "copy password to clipboard". And, the Android version clears the clipboard and locks the database after a minute (configurable) automatically.

    6. Re:Multi-user? by aztracker1 · · Score: 1

      I'd also have the no-install portable executable for windows there... I use this with dropbox for my own passwords...

      --
      Michael J. Ryan - tracker1.info
    7. Re:Multi-user? by Dynedain · · Score: 2

      KeePass2 is Windows-only (unless you really want to deal with Mono). The original version is now forked and maintained as KeePassX with OSX and Linux builds available, along with the source.

      --
      I'm out of my mind right now, but feel free to leave a message.....
  23. My Password Manager by mwdmeyer · · Score: 1

    I wrote a web based password manager that might interest you.
    It's cheap and you get all the source code on purchase.
    http://codecanyon.net/item/password-manager/2145518?ref=michaeldale (includes my referrer link, but you can just delete the ref= part if you wish).

    I have a demo version online here: http://www.onlinecompanyportal.com/mrp/
    It does categories, multi user, active directory integration and lots more.

    1. Re:My Password Manager by mwdmeyer · · Score: 1

      Um, did you even check out the link? You host it yourself. Many of my clients simply run it internally on their server with no internet access whatsoever. Anonymous Coward indeed.

  24. My password tool is completely unhackable... by JetScootr · · Score: 4, Interesting

    It's called pencil and paper. I have a notebook, and all pwds are encoded there. I have 4 simple rules for modifying what I write into what I type in. An example rule you could use is "Real pwds use only even digits; Passwords are written with all ten digits, odd digits are ignored". 2-4 simple rules will make it unhackable even for someone with physical control of passbook. (Never write down the rules - keep them in yer head).
    To keep the rules fresh, use different passwords and uids for every single app or website possible. You'll always be rehearsing the rules in yer head, you won't forget them.
    Here's an example from my current set: pwd= "RhinoPott=amus" Rule 1,3
    I'll bet you can't guess the real password in 10,000 tries. You don't know rules 1 or 3, which modify what's written. Go ahead, give me 10000 tries in a text file - I'll let you know if you get it.
    This really really works - I've been doing it this way since the 1980's, and haven't misplaced a properly coded pwd yet.

    --
    Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
    1. Re:My password tool is completely unhackable... by pnot · · Score: 3, Interesting

      So how does your system apply to the original question -- sharing the passwords among multiple users? Do you all copy out the relevant parts of each other's notebooks and memorize each other's rules? Or do you tell each other the unencrypted passwords and re-encrypt them individually using personal rule-sets?

    2. Re:My password tool is completely unhackable... by Cow+Jones · · Score: 2

      Yes, rules like that are not uncommon. They have their uses in environments where you can't use proper encryption. However, I can see several disadvantages to your method:

      For one, the dependency on a single physical storage medium (paper notebook) is a mixed blessing. On the one hand, it denies remote attackers the option to download a complete list of hashes, but on the other hand, it also denies you the possibility of retrieving your passwords when you don't have the notebook with you. Notebooks can also get lost or misplaced, they can be stolen, and they can burn. There's no easy way to make automatic backups of your password list.

      More relevant to your particular system is that your rules can be reverse engineered. If someone does have access to the list, they only need a few compromised accounts (or planted passwords) to decipher the rest. If they're lucky, they may get away with a single known password. A rule like "ignore all the odd digits" can easily be cracked when the attacker knows the actual password and your garbled reminder - especially when you write down which rules you applied to it.

      All in all, you're better off with a digital format and strong encryption. For passwords which are so sensitive that you can't even trust something like KeePassX (and your OS, and all the drivers on your system, etc etc) - don't write them down anywhere.

      I use KeePassX, myself. The database file is in a Subversion repository. But I have to admit that one part of my setup is completely insecure: I periodically print out a full list of passwords, put it in a sealed envelope, and place it in a relative's safe. This way, if something happens to me, they can access (and close, if necessary) all of my accounts.

      --

      Ah, arrogance and stupidity, all in the same package. How efficient of you. -- Londo Mollari
    3. Re:My password tool is completely unhackable... by Phroggy · · Score: 1

      My company has people in (at least) three different cities who need to access various passwords (and we sometimes work from home, especially when something breaks in the middle of the night). Your solution wouldn't work for us at all.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    4. Re:My password tool is completely unhackable... by Pascal+Sartoretti · · Score: 1

      It's called pencil and paper

      Unhackable? If somebody steals it from you, you will experience an original case of denial-of-service... And how do you manage backups (just in case you lose your notebook)?

      If your set of rules is really safe, why not simply write everything in an electronic note?

  25. PS: Re:My password by JetScootr · · Score: 1

    I may be a bit OCD about passwords and security - 30 years USAF and NASA have bent my brain a bit. Typing in pwds a lot doesn't bug me cuz I know my pwd mgt tool is safe because it's out of reach of hackers.

    --
    Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
  26. Mortimer by eadz · · Score: 1

    I've checked out and briefly used Mortimer ( https://github.com/aiaio/mortimer ) before and it seems a decent tool.

    "mortimer is a password storage application that supports multiple users and basic permissions. The app relies on public key cryptography to facilitate a multi-user password system whose data remains secure even if the database is compromised. Admin users have permission to all password entries on the system. Users may be given permission on a password-group basis."

  27. Re:Delete the spreadsheet. by lewko · · Score: 5, Funny

    I love having the password on my monitor. However I didn't like the appearance of all those Post-it notes stuck to it. So instead I changed all my passwords to "Samsung".

    --
    Do you or your partner snore? - Visit www.snoring.com.au
  28. Mortimer by Boltronics · · Score: 1

    https://github.com/aiaio/mortimer

    The password sharing functionality looks really interesting. I gave it a spin a few months back, but it had an annoying bug at the time (move a password out of a folder to the root level and it can disappear from the UI). I'm guessing a competent Ruby dev with a few spare hours could fork it on GitHub, fix it up and make it work real nice.

    More information about it here:
    http://www.alexanderinteractive.com/blog/2009/02/mortimer-a-rails-password-manager/
    http://www.alexanderinteractive.com/blog/2009/08/mortimer-password-manager-redesigned-v1-2/

    --
    It's GNU/Linux dammit!
  29. Re:KeePass by Sam+the+Nemesis · · Score: 1

    You can even store the password database on the cloud if you wanted...

    Why is this a good idea?

    What's wrong with keeping the database in the cloud? As long as you are using a strong password along with a key file, there is only a remote chance that someone would be able to break into your database.

  30. Gnupg by ZorkZero · · Score: 1

    Open source? Check. Multi-user? Check. Secure? Only as secure as the box it's on, and the boxes that people use to access it, just like everything else. Linux based? Check.

    Gnupg and a flat text file.

  31. Yet another Password Encryption Tool by thySEus · · Score: 1

    try Yapet: http://www.guengel.ch/myapps/yapet/index.shtml

    It's running on a Terminal, and can thus be easily accessed via ssh.
    And it supports different password files. The encryption provided may be
    good enough for your needs.

  32. Re:Delete the spreadsheet. by rvw · · Score: 1

    I love having the password on my monitor. However I didn't like the appearance of all those Post-it notes stuck to it. So instead I changed all my passwords to "Samsung".

    But what if you buy another monitor?

  33. Re:Delete the spreadsheet. by Prosthetic_Lips · · Score: 2

    Or the IT department gets a new shipment in, and replaces yours during the night? You'll come in and none of your passwords work. "I keep typing Vizio and it doesn't work!"

  34. Re:KeePass by Prosthetic_Lips · · Score: 2

    ... and I love the password generation capability. Especially options like "exclude lookalike characters" for when I have to look up the password on my phone.

  35. SHA1_Pass by _16s · · Score: 1

    You may try SHA1_Pass. It runs on Linux, Windows and Macs. It generates passwords based on user input. It does not store passwords. It's open-source and the passwords it generates can be generated with OpenSSL and other Crypto libraries too, so there's no lock-in. http://16s.us/sha1_pass/why/

  36. Re:Phpchain by VortexCortex · · Score: 1

    We use phpchain at work. A few hundred accounts for various servers, devices, vendor support accounts, and logins for accounts at companies we work with. All stored securely. Google it if you aren't familiar with it. It has been a huge win for us, and does everything asked for. We even wrote a simple search functionality for it that I think has been rolled into mainline at this point.

    NEAT! Thanks for the contribution! To repay the favor, I offer you my services. if someone accidentally deletes your passwords, just email me and I'll forward you a copy.

    > PHP
    > Secure

    Choose one.

  37. Wrong question by Jawnn · · Score: 2

    If you are not using a more robust access control scheme wherever you can, you are doing it wrong. Yes, there are cases where a single user/pass must be shared, but they are probably few in your organization. For those cases, KeePass is effective, if not particularly elegant. It's certainly more secure than an Excel file.
    Do yourself a favor and investigate single sign on (SSO) solutions and work your way toward a tiered access control model.

  38. Re:Phpchain by dave420 · · Score: 1

    You can make very secure apps in PHP. You not knowing how to does not mean it's impossible.

  39. Re:Just post them here by Noughmad · · Score: 1

    But how? All we will see is a bunch of stars...

    --
    PlusFive Slashdot reader for Android. Can post comments.
  40. GPG by Tmack · · Score: 1

    As many others above have posted, though none got any mod points for (yet)...

    It's free, open source (GNU), widely available as a standard package to most platforms, etc. You create a password file, encrypt with gpg, then sign it with each user's key that should have access to it (requires all users to have proper gpg keys setup). When someone leaves, you revoke their key from the file and they can no longer get to it, without having to do much else. If that's too complicated, just do a basic crypt (gpg -c) and share that password around. Then if someone leaves just decrypt and re-encrypt with a new password.

    --
    Support TBI Research: http://www.raisinhope.org
  41. Old School: by codermotor · · Score: 1

    A lab book stored in a company safe.

  42. Maybe by PingXao · · Score: 1

    Good comment until you said "military grade encryption". There is no such thing and that term is typically used by those who aren't very knowledgeable about security. Unfortunately this forces me to discount your opinion on the matter. KeePass2 may very well be a good solution for the problem at hand, but I'm going to need to find some other evidence for that, because whenever someone mentions "military grade encryption" I run away as fast as possible.

    1. Re:Maybe by Kalidor · · Score: 1

      The main reason I mentioned it (but never really got into it) was because of a round up of password storage managers from a few weeks ago that all claimed "military grade" encryption, and all were trivial to compromise. I can't seem to locate the article now but KeePass was not included in this round up specifically cause it didn't try to lump itself into this category.

      I've been trying to rack my brain to remember if there was an alternative suggestion section of the roundups, or if KeePass was mentioned. But since I couldn't find the article, I left it in there as a toss away comment. Discount my opinion if you like, I fully realize there is no such thing. There are minimum standards set forth by the NSA and the Military, which differ based on sensitivity and roles, but I really haven't bothered to see if KeePass is up to these standards. Assuming you don't leave the database vulnerable with an easy to guess key phrase, I'm not too concerned about someone managing to access my data from such a database. I'm not that big of a target, and the life of usefulness of such information is relatively short compared to the time it would take to compromise the database. (Assuming proper password complexity rules, aging, and policies are enforced or at least practiced on the information stored)

      --

      Code softly but carry a big magnet.

  43. Re:Passpack by PieterGen · · Score: 1

    Basically the same as Lastpass, right?

  44. Password Gorilla by PieterGen · · Score: 1

    Password Gorilla is what I chose - after comparing *lots* of password managers. I wanted a file manager that would be:
    - free & open source
    - offline (--> exit Lastpass)
    - cross platform (I looked at Linux, OSX, Windows and Android, cause that is what my family uses)
    - not dependent on Mono (--> exit Keepass)
    Password Gorilla stores passwords in an encrypted file: the password database. Every user has his own file(s). I have a copy of my file on my smartphone, I synch the files regularly. Read all about it and get it here: https://github.com/zdia/gorilla/wiki/ I like it, it does what I want, but to be honest, the GUI looks a bit simple and the syncing of files (across in my case 2 PCs and a phone) is not automated, although you could write a script for that. It lacks the slick interface of some other password managers.

  45. Non electrical means by LilGuy · · Score: 1

    I use a card from http://www.passwordcard.org/

    Printed it out, laminated it with tape, and keep it in my wallet which is with me at all times. It's extremely handy and needs no internet access to use.

    --

    You're nothing; like me.
  46. Keepass by wiggles · · Score: 1

    We use Keepass on a CIFS share. It locks the password file when multiple people have it open so you don't have write problems.

    You can also put the file up on a LAMP style website with Web-Keepass.

  47. KeePass Almost Ubiquitous by seawall · · Score: 1

    Programs compatible with KeePassX (or ports of KeePassX) exist for pretty much everything: Windows, MacOS, Linux, BSD, Android, iOS but they often have slightly different names (e.g. the program I use on iOS is KyPass) which makes it seem less available than it is.

  48. Re:Keepass by jon3k · · Score: 1

    Apparently the new version will even allow you to synchronize multiple users (just found it earlier in this thread): http://keepass.info/help/base/multiuser.html

    With KeePass 2.x, a database can be stored on a shared network drive and used by multiple users. When attempting to save, KeePass first checks whether the file on disk has been modified since it was loaded. If yes, KeePass asks whether to synchronize or overwrite the file (see image on the right). By synchronizing, changes made by other users (file on disk) and changes made by the current user are merged. After the synchronization process has finished, the current user also sees the changes made by others (i.e. the data in the current KeePass instance is up-to-date). If there is a conflict (multiple users edited the same entry), KeePass uses the latest version of the entry based on the last modification time.
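
    The save/synchronize rule quoted above, and the "keep a local copy, sync it periodically" workflow Prosthetic_Lips describes under comment 22, modelled in Python as an added example (this is not KeePass's own code or file format). Assumptions: entries live in a JSON file keyed by a hypothetical UUID string, each entry carries an ISO-8601 "modified" timestamp that settles conflicts, and "has the file on disk changed since I loaded it" is answered by comparing a SHA-256 digest taken at load time with one taken just before saving. The sample entries and passwords are constructed.

```python
"""Toy model of the KeePass 2.x multi-user save/sync behaviour.

Added example, not KeePass code.  Entries are plain dicts keyed by a
(hypothetical) UUID.  A merge keeps every entry present on either side and,
when both sides edited the same entry, the copy with the newer last-
modification time, which is the conflict rule the help text describes.
"""
import hashlib
import json
import tempfile
from datetime import datetime
from pathlib import Path


def digest_file(path: Path) -> str:
    """SHA-256 of the bytes currently on disk; a cheap 'did it change' check."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def load_db(path: Path):
    """Load entries and remember the digest of exactly what we loaded."""
    entries = json.loads(path.read_text())
    return entries, digest_file(path)


def modified_since_load(path: Path, digest_at_load: str) -> bool:
    """True if another user saved the shared file after we loaded it."""
    return digest_file(path) != digest_at_load


def _ts(entry: dict) -> datetime:
    return datetime.fromisoformat(entry["modified"])


def synchronize(mine: dict, on_disk: dict) -> dict:
    """Union of both entry sets; on a conflict the newer 'modified' wins.

    Ties go to the local copy (a tie means the same modification instant,
    so either choice is defensible; the rule just has to be deterministic).
    """
    merged = dict(on_disk)              # start from everyone else's changes
    for uuid, entry in mine.items():
        other = merged.get(uuid)
        if other is None or _ts(entry) >= _ts(other):
            merged[uuid] = entry
    return merged


def save_db(path: Path, mine: dict, digest_at_load: str) -> dict:
    """Save; synchronize first if someone else wrote the file meanwhile.

    Mirrors the quoted behaviour: check the on-disk file against what was
    loaded, merge if it changed, then write.  Returns the entries written so
    the caller's in-memory view is up to date after the save.
    """
    if modified_since_load(path, digest_at_load):
        on_disk, _ = load_db(path)
        mine = synchronize(mine, on_disk)
    path.write_text(json.dumps(mine, indent=1, sort_keys=True))
    return mine


def demo() -> dict:
    """Two users edit one shared DB concurrently; constructed sample data."""
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp) / "team.json"
        seed = {   # constructed seed database, not real credentials
            "u1": {"title": "WAP key", "password": "CONSTRUCTED-1",
                   "modified": "2012-01-01T10:00:00+00:00"},
            "u2": {"title": "router admin", "password": "CONSTRUCTED-2",
                   "modified": "2012-01-01T10:00:00+00:00"},
        }
        db.write_text(json.dumps(seed))

        alice, alice_digest = load_db(db)
        bob, bob_digest = load_db(db)

        # Bob rotates the WAP key, adds an entry, and saves first.
        bob["u1"] = dict(bob["u1"], password="CONSTRUCTED-1b",
                         modified="2012-01-01T11:00:00+00:00")
        bob["u3"] = {"title": "iTunes", "password": "CONSTRUCTED-3",
                     "modified": "2012-01-01T11:05:00+00:00"}
        save_db(db, bob, bob_digest)

        # Alice, unaware of Bob's save, edits the same WAP entry later on,
        # plus the router entry.  Her save detects the change and merges:
        # u1 -> Alice's (newer), u2 -> Alice's, u3 -> Bob's new entry.
        alice["u1"] = dict(alice["u1"], password="CONSTRUCTED-1a",
                           modified="2012-01-01T11:30:00+00:00")
        alice["u2"] = dict(alice["u2"], password="CONSTRUCTED-2a",
                           modified="2012-01-01T11:31:00+00:00")
        return save_db(db, alice, alice_digest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1, sort_keys=True))
```

    The point the help text makes, and the model shows, is that nothing is lost on a concurrent save: Bob's new entry survives Alice's later write because she merges rather than overwrites. The cost is the "latest modification wins" rule on a genuinely conflicting edit, which is why the master-password rotation step Prosthetic_Lips mentions is best done after everyone has synced.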

  49. I wrote my own. by wezelboy · · Score: 1

    Python and m2crypto. I have it coupled with pexpect to do auto login and commands on multiple machines. Saves me a ton of time from having to look in the excel sheet.

  50. Re:Delete the spreadsheet. by mitchy · · Score: 1

    Sorry lewko, had to steal this quote. It was just too funny to allow myself to forget it.

    --
    "The mind is a terrible thing to, um, uh, oh bollocks." -- Me
  51. Password managers by Gareth68 · · Score: 1

    Have gone through nigh on every password manager over past couple of years, KeePass, Lastpass, Passpack, Roboform. All pretty good at giving you access to your passwords. I'm currently using my1login which I quite like for its security and mobility.

  52. Secret Server by MrObi · · Score: 1

    It costs and requires Windows + IIS + MSSQL server (Express) but I haven't found any real equivalent on the open source side. http://www.thycotic.com/ But then you need only a browser to access it. It's perfect for the scenario where you have a team of admins etc who need to share tons of passwords with each other.

  53. Re:Delete the spreadsheet. by lewko · · Score: 1

    I look forward to the royalty cheques, but where have you used it?

    --
    Do you or your partner snore? - Visit www.snoring.com.au