The recent LastPass breach has caused me to rethink password managers. I am no longer a fan of hosted password managers. The incentive for bad guys to capture the password vaults is so high. The concentration in one place is an enticing target. Companies' financial incentives are to do the bare minimum to protect your vault. Or, in the case of #LastPass, some would argue below the bare minimum.

However, I do think there is a place for hosted vaults. There is no practical way to share passwords between team members. That may technically be a Privileged Access Management (PAM) solution, but you get the point. You may be qualified to host it yourself. If you are a hosting security expert then it is probably better. Your vault would not be captured unless the bad guys were specifically targeting you. If you are not a hosting security expert then you should definitely defer to others.

That brings us to your personal password vault. For technically capable people, I would recommend a locally stored password vault. You should of course back it up in two places. The backups should be offline, one of which is physically separated from the other. For instance, one in your house and one in your office. If an attacker got on your computer and had your key vault password then they could get access to your passwords. But since they are on your computer they could probably do a lot of damage anyway.

Better ideas? Let us know in the comments below. Some examples of local password managers are #KeePass and #Enpass.

#fciso #cybersecurity #passwordmanager #privilegedaccessmanagement

I was just about to jump into some research on the subject of password managers, how to compare them and what alternatives are out there for SMBs. I haven't given up on #LastPass just yet because I think the pros still outweigh the cons.