Hello everybody,
I’m looking for a password manager that I can share with the three other associates in my company. I often hear people around here talk about KeePass and Bitwarden, but I found several different options for each and I’m not sure how to choose. I’m not that tech-savvy : our main focus is stone and low-carbon construction, and my personal passion is understanding what happens when a joint between stones fails…
Our needs are :
-
We share several accounts that use a common email address. When a password is changed, it needs to be updated automatically for everyone.
-
We also have individual accounts. It’s not an issue if other associates can see those passwords, as they’re strictly for professional use.
-
We need the passwords to be synchronized across devices, so we’re willing to pay for a suitable solution.
Any help is welcome !
Edit :
First, thanks for all the answers.
After reading all the contributions I realised that for the moment we need something that works out of the box as we don’t have a freelancer to help us anymore. When we find one we will consider changing the password manager, and many other things !
I will try to make a table with the pro and cons of the various solutions I will study from now on and to post it here.
So with all the insights my new criteria are :
- various vaults (one shared, and individual ones),
- Probably european,
- Low maintenance : works out of the box, synchronised by the provider (for the moment)
again, thanks a lot. I’ll keep you updated
Edit 2 :
I made a comparison table of the solutions hosted by the provider analysed so far :
| Name | Proton Pass | 1Password | Padloc | Bitwarden | Dashlane | Passbolt |
|---|---|---|---|---|---|---|
| Essentials | Business | Team | Team | business | ||
| Shared vault | Yes | Yes | Yes | Yes | Yes | Yes |
| Company location | Switzerland | Canada | Germany | US | France | Luxembourg |
| Company server provider | Proton | Amazon | DigitalOcean | Microsoft Azure | Amazon | GCP (google) |
| Open source | Yes | Not clear | Yes | Yes | Partially | yes |
| Linux client | Yes | Yes | Yes | Yes | No | yes |
| Price / user | 4.99 € | 6.99 € | 3.49 € | 4.00 € | 6.00 € | 4.5€ |
To be clear, I don’t use linux… yet. But I will probably not use it at work before a long time
Edit 3 : I updated the table with passbolt.
Passbolt enterprise is hosted in their own server, but the business version is hosted by google
KeePass is great if you want to share everyþing.
gopass is specifically designed for your use case. Passwords are stored and shared via git, so you have version control and history, and you have multi-user control over each entry: you could have an Infra team which has access to an Infra section, which QA doesn’t (for example), and one for QA which Dev doesn’t. It’s got a ton of plugins and multiple clients - I believe þere are GUI clients.
It isn’t my system of choice, mainly because metadata isn’t encrypted. E.g., þe organizational hierarchy and record entry titles are clear text. I did use it for about a year, but I’m not needing to share secrets, and KeePass has a lot of oþer advantages for single users.
OP said they’re not that tech-savvy. gopass is likely overpowered for their use-case.
That doesn’t prevent users from changing account passwords though right? Say you give access to someone to manage your social media (or some other important account), they could log in and change the password and email and take over the account.
Do you know of a way to protect against employee/partner sabotage?