Sharing Passwords

Before we get started, here's what's happening at Call Theory this week:

Office Hours

A weekly meeting with Call Theory and fellow customers to learn, ask questions, and network over general IT, call center, and Amtelco topics.

• Tuesday, 9/17 @ 3pm Eastern
• Zoom Link and additional information
• Topics - Password Managers & Billing Part 2

Scripting Sessions

A weekly meeting to train Amtelco Intelligent Series scripting topics from Basic, Intermediate, and Advanced topics on a repeating schedule.

• Thursday, 9/19 @ 12pm Eastern
• Zoom Link and additional information
• Topics - Basic I: IS Supervisor & Your First Script!

Bitwarden MSP Changes

Bitwarden recently made changes to their MSP program which essentially removed all access by MSP technicians to existing customer vaults.

The solution appears to be to purchase individual technician licenses for each customer, then add them individually to a customer organization.

✅ MSP Provider- Restrict Item to Organization Only (Security Issue)

I recently reviewed that Provider Portal and Setup and I’m definitely not comfortable with the access controls at this level.Example -Service Users- Accessing banking logins for clients? Service Users- Accessing Accounting Master Passwords for clients. (Really even the provider admin shouldn’t have access to any of these) I realize it’s a work in progress so here is a quick solution that will solve most issues. Allow items to have restricted to organization checkbox, available to organization…

Bitwarden Community ForumsIntegricor

The request centers around the ability to allow Clients (i.e., you) to create collections (a place to store a list of passwords) that Providers (i.e., me) can't access. That's a fairly straightforward feature that was sadly not possible in previous versions of the Bitwarden MSP platform.

I expected the Bitwarden approach to this issue would have been to allow Client Owner accounts to mark collections as Organizational only (as mentioned by Integricor Dudley in the request tracker) but instead they removed all Provider access to all Client collections, across the board.

The communication on providers completely losing access to customer vaults could have arguably been better.

Other Password Sharing Tools

Now that Call Theory is reviewing password management solutions again, I wanted to share a few useful options I've come across in my search:

Password Pusher

Securely communicate passwords, data & files. Secret URLs expire after X views or X days. Track access with audit logs.

Password Pusher

Retriever

Secure secret sharing through the browser using web crypto. No server required.

GitHub - apple/password-manager-resources: A place for creators and users of password managers to collaborate on resources to make password management better.

A place for creators and users of password managers to collaborate on resources to make password management better. - apple/password-manager-resources

GitHubapple

LessPass

LessPass

Padloc - Open Source, End-to-end Encrypted Password Manager

Open Source, End-to-end Encrypted Password Manager.

Open Source, End-to-end Encrypted Password Manager

Whats your favorite password manager?

I know that's a weird question. People don't generally have a favorite password manager. But if you had one, which would it be? Super extra bonus points if it works well with teams.

I'm a huge fan of Bitwarden for personal use, but I can't really recommend it for businesses, enterprise, or managed service partners in it's current form.

Better yet, join us at Office Hours this week to learn more with us!