[pass] shared password store

David Timothy Strauss david at davidstrauss.net
Tue Jun 30 23:07:26 CEST 2015


On Tue, Jun 30, 2015 at 6:06 AM CircleCode <codronm+circlecode at gmail.com>
wrote:

> what would be the better way to share a common password store, say for
> example for an association?
>

I recommend avoiding shared secrets at an organizational level. It's much
safer to use public key infrastructure (PKI) single sign-on (SSO) methods
like SAML or OAuth. If you deploy a web application yourself, you can proxy
through something like Apache with mod_mellon to perform authentication and
authorization using SAML. Many other hosted applications also offer
integration with SAML or OAuth.

Sharing a password in a group means that (1) the password must be rotated
whenever someone leaves the group, (2) there's no accountability for which
individual accessed an application or did what, and (3) users are more
vulnerable to phishing attacks because there's less consistency for where
they expect to supply credentials.

That said, if you've got to share passwords, other advice on this thread is
good.
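For the "proxy through Apache" approach the reply suggests, here is an added example (not from the original message or the Password-Store project) of an Apache virtual host that fronts a backend web application with SAML single sign-on; the module the reply calls mod_mellon is distributed as mod_auth_mellon. All hostnames, file paths, the backend port, and the IdP attribute name "groups" with value "members" are assumptions for illustration.

```apache
# Added example configuration. Every path, hostname, port and attribute
# name below is a placeholder; adjust to your own deployment.
LoadModule auth_mellon_module modules/mod_auth_mellon.so
LoadModule proxy_module       modules/mod_proxy.so
LoadModule proxy_http_module  modules/mod_proxy_http.so
LoadModule headers_module     modules/mod_headers.so

<VirtualHost *:443>
    ServerName app.example.org
    # TLS directives (SSLEngine, certificates) omitted for brevity.

    <Location />
        # Every visitor must authenticate as an individual at the IdP;
        # no shared application password is ever handed out.
        MellonEnable "auth"
        MellonEndpointPath "/mellon"
        MellonSPPrivateKeyFile /etc/httpd/mellon/sp-key.pem
        MellonSPCertFile       /etc/httpd/mellon/sp-cert.pem
        MellonSPMetadataFile   /etc/httpd/mellon/sp-metadata.xml
        MellonIdPMetadataFile  /etc/httpd/mellon/idp-metadata.xml
        MellonSecureCookie On
        MellonSessionLength 28800

        # Authorization: only people whose SAML "groups" attribute carries
        # the value "members" may reach the application. Removing someone
        # at the IdP revokes access without rotating any password.
        MellonCond "groups" "members"

        AuthType Mellon
        Require valid-user

        # Forward the authenticated identity so the backend's logs record
        # which person did what (the accountability point in the reply).
        RequestHeader set X-Remote-User   "%{MELLON_NAME_ID}e"
        RequestHeader set X-Remote-Groups "%{MELLON_groups}e"
    </Location>

    # The SAML endpoint is served by mod_auth_mellon itself, not proxied.
    ProxyPass        /mellon !
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
    ProxyPreserveHost On
</VirtualHost>
```

The backend must accept identity only from this proxy (for example by binding to localhost, as assumed here), otherwise a client could supply the X-Remote-User header itself.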