Security

  • 1.  Password manager

    Posted May 17, 2024 09:44 AM

    Hello, we are looking for a password manager that allows for admin access/control. We have about 15 employees. I have looked at some options online but interested to hear what other associations are using/liking. Thanks!



    ------------------------------
    Laine Culbreath
    Senior VP of Finance and Administration
    The WICT Network: Empowering Women in Media, Entertainment and Technology
    Washington DC
    ------------------------------
    Annual Meeting 2024


  • 2.  RE: Password manager

    Posted May 17, 2024 09:56 AM

    We moved to 1Password a year ago and have been extremely pleased with it. 

     

    Bonus – and I think many are doing this – each corporate seat comes with a personal family plan as well.  So rather than staff mixing their personal and professional passwords together – you can clearly separate the accounts and entries. 

     

    Do not be surprised if staff fight adoption.  They are wedded to their browser based password managers. 

     

    Adam Kuhn   |   Director of Information Technology, FIA

    akuhn@fia.org

     






  • 3.  RE: Password manager

    Posted May 19, 2024 10:13 AM

    I'm a huge fan of Bitwarden.  Worked with a client that was going to go with 1Password, but found Bitwarden's automated user provisioning integration with MSFT to be easier to set up/manage. 

    Adam - has that been a challenge for you?

    Functionally - I find Bitwarden and 1Password to be about the same.  I love the ability to send encrypted information (text or files) through it.



    ------------------------------
    Brian Scott
    President / CTO / CISO
    ClearTone Consulting LLC
    Frederick MD
    678-643-5593
    ------------------------------



  • 4.  RE: Password manager

    Posted May 19, 2024 01:28 PM

    A brief check on Bitwarden shows a similar – and possibly more simplified – way of provisioning than 1Password.  Not entirely sure.  They both require the setup of something called a "SCIM".

     

    With 1Password, I had to do this, no kidding, in a Google VM environment (first time for everything).  It's been working ever since and connects 1Password with my specifically set up M365 security groups for 1P.  So – a new employee starts – we put them into the appropriate security group – and they get the invitation to join 1Password.  I also tie authentication with M365 – so it's an SSO type situation.  No master password to remember for your corporate account.  Plus – we have Duo 2FA set up for M365 – so you get a little extra protection as well. 

     

    Once you have the business account set up for the employee – they can then grab their family license. 

     

    However, other than departmental groups that rely on a group password manager for shared systems, you really cannot force folks to follow through with a password manager.  I mean you can – by turning it off in Chrome/Edge/Firefox.  That did not fly for more than a week and I had to turn it back on. 

     

    I have been selling the idea of a family password manager via stories around managing health care for elder parents – or the family Netflix password – and just things that should not lie solely in the domain of one person's Google account.  Not only is business continuity important – but family continuity is too.  None of this becomes real for folks until they struggle to access the medical portal for their 80 something or 90 something year old parent. 

     

    LMK if someone can figure out how to get more than 50% of their staff to use one. 

     

    Adam Kuhn   |   Director of Information Technology, FIA

    akuhn@fia.org

     






  • 5.  RE: Password manager

    Posted May 20, 2024 11:18 AM

    Adam,

    From the best I can tell, setting up SCIM (System for Cross-domain Identity Mgmt) is only needed for 1Password.  Bitwarden has already created an SSO app inside the MSFT applications marketplace - and that does all the integration for you.  1Password has not created an app yet (oddly).



    ------------------------------
    Brian Scott
    President / CTO / CISO
    ClearTone Consulting LLC
    Frederick MD
    678-643-5593
    ------------------------------
