![]() but at the end of the day if it's not a comprehensive team-based solution, it's just not something I want to put any stock in. I like all the self-hosted options I keep reading about - glad people are taking security more seriously. I don't know of any security issues first-hand, and I've been using their service for 7 years (personally, and 5 years with teams). I know that LastPass has made my life significantly easier since adding it to a number of companies I consult for. set up dead man switches on key accounts (for the hit by the bus scenario we all talk about). share passwords with people who need access (and often not even expose the actual password just access to it so you don't have to change everything in the event of turnover). isn't the team at a disadvantage? Another cliche warning: I need to care about forests, not trees.Īt least with LastPass (or whatever other system you can think of that's similar) you can setup "pretty good" team-based policies. but if someone in legal still has access to the "Passowrd123" for the AWS account. ![]() you can have all the security you want on your servers. ![]() isn't security at the organization level really crappy? Here's a real world example. and only a few people actually having good passwords. With every person storing passwords their own way. Most teams (you'll agree?) have horrible aggregate password management. aren't you letting perfect be the enemy of good? =P
0 Comments
Leave a Reply. |