I wanted to provide a summary of what actually transpired regarding a secure way to share passwords with a team of computer users with very limited computer skills.

I decided to use Lastpass because
* one does not have to install any software; you can use it just with a browser. 
* it has a built in secure mechanism for sharing user names and passwords with other Lastpass users
* the user interface is good (not necessarily great, but that in my opinion)

So far, Lastpass is doing its job, and the team is able to use it. There was one hiccup during the installation that caused some issues with most of the team members. This issue involves setting up a user's account to receive shared passwords. The issues were:

* the Lastpass documentation is very good when it comes to describing how to use Lastpass to share credentials with another user, but is terrible (ie non-existent) when it comes to telling a user how to setup their account to receive a shared password.

* A user who wants to receive shared passwords has to, in most cases, perform an extra setup task to create keys that allow sharing. For IE users, this happens automatically. For all other browsers and operating systems (I tests Linux with Chrome, Firefox, Mozilla, and Opera, and on Mac I tested Firefox and Safari with and without the plugin installed) the user has to login through the Lastpass web site (not the plugin, even if it is installed) to get the user's "account home page" to display the link to "create sharing keys". This feature is not documented in the Lastpass user manual, or in the forums. It took an email to Lastpass tech support and a lot of testing to figure this out. Without this step, one cannot share credentials between Lastpass users.

* Setting up a user's account without the Lastpass plugin is possible, but again not well documented, and requires a few browser restarts to get it to work.

However, once set up, sharing credentials with a group is rather easy.

Cheers!

Mark


On Wed, Oct 30, 2013 at 7:48 AM, Stephen <cryptworks@gmail.com> wrote:
There comes a point where if a team wants a new function or convenience they will have to learn something new. So i would go with the best documentation friendly solution that actually does the job securely. This to me strikes as the best of both worlds.


On Wed, Oct 30, 2013 at 7:42 AM, Mark Phillips <mark@phillipsmarketing.biz> wrote:
Jill,

Great point!

In this particular situation, the "team members" will probably not want to download a plugin, and I don't want to the the help desk for the plugin. However, I don't think that will be a problem. If they forget their password and can't get into their lastpass account, then I would tell them to make another account, and I will share the passwords with the new account. A very kludgey solution to this problem, but if it happens, they may get over their fear of downloading a plugin. On a technical scale of 1-10, where 10 = Linux Admin and 1 = still using a rotatory dial land line , the team members are 2s. ;)

Mark


On Sun, Oct 27, 2013 at 12:23 PM, jill <lists@bespokess.com> wrote:
I've also successfully used Lastpass with customers with
multi-platform/less-techy requirements.  However there's one thing about
their service that's really important to note - they can't do password
resets for your account the way most web services can.  If you forget
your login to their site and don't use their browser add-on you're SOL
(recovery works off the plugin).  I completely lost a Lastpass account
this way earlier this year.
https://helpdesk.lastpass.com/security-options/account-recovery/

Make sure your team understands how important it is to keep track of
their Lastpass password, or walk them through how to set up the plugin.

- Jill

On 2013-10-26 21:20, Mark Phillips wrote:
> I have a small team, and I am looking for a way to share account info -
> user names and password, and password updates. These are login credentials
> for financial accounts I manage.
>
> I googled for some ideas, and came up with snail mail, various web services
> that encrypt/decrypt emails, Lastpass, and safegmail.
>
> The users are technical noobs, so it has to be easy. No software to
> install. Free or inexpensive. They use Windows and Mac, I use Linux. Only I
> use Gmail, so safegmail is out.
>
> Does anyone have any recommendations for web service solutions? Anyone use
> Lastpass? Other ideas?
>
> Thanks,
>
> Mark
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss



---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss



--
A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button.

Stephen


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss