At work we use "password safe" to share common passwords like service accounts, shared vendor accounts, and various other credentials that are not unique to a member.  It's kind of a kludge, and of course windoze only, so I have to use vm to access it. quite annoying.

I've considered pushing to use keepass instead, as I've used this as well for a good 6 years under linux.  Only problem is it's only a file db to be accessed, which makes anyone not on a shared network resource accessing it difficult.  Also sadly, even the "official" version iterated to keepass2, a really crap c#/mono application that barely works under linux, and not without frustrations, but older 1.x format with keepassx works great.

I have since migrated to LastPass, even paying for the service because I've found it to be more valuable than the $12 a year personally, and their "enterprise version" can have shared access permissions.  Perhaps the consumer version can be coaxed to do this too, but I've not had necessity to try.  The android integration with dolphin browser (plugin) makes it easy on any platform, mobile or desktop for consistent access means.

Secure shared access for me is a random large/complex string that I note as who I've given it to, and only as long as needed before changing it.  I don't remember passwords, preferring the ambiguity that if I can remember it, likely others can brute-force it, or torture it out of me.

Of course any service like lastpass inside the US, the NSA would simply subpoena and force to give unilateral access to my account anyway (much as they can/do anyone, thank your politicians) at that point, so really confidentiality is all a perception regardless as long as anything is shared externally.

-mb


On 10/26/2013 02:31 PM, Eric Cope wrote: