BHillebrand
Posted February 6, 2023

Summary of Use case: MSP client insists on utilising a known Bad password, is unwilling/unable to change the password for operational reasons, but the password still requires documentation in Passwordstate by the MSP.

Current Outcome: The only option in this scenario is to disable Bad passwords detection entirely for the whole password list, and this is a sub-optimal outcome that prevents us deriving any security benefit from the feature.

Requested Feature: Short of blocking bad passwords, we'd like to be able to benefit from the Bad passwords feature by:

* Having an option added for a Passwordstate user to be notified when a Bad password is entered, but still allowing the user to save the password entry anyway. (IE: Choice to Block OR Notify)

Goossens
Posted February 7, 2023

+1

Also: I'd rather have the current - bad - password stored in PasswordState (so that its quality and replacement can be monitored) than having it stored somewhere outside PasswordState. So, first securely store the bad password and then replace it by a good one (which can not always be done immediately).

Dave Bennie
Posted February 16, 2023

Potential workaround I have deployed for sites we cannot control passwords for is a dedicated list that allows poor passwords. This list requires reasons for the password being poor etc.

BHillebrand (Author)
Posted February 22, 2023

On 2/16/2023 at 2:32 PM, Dave Bennie said:
    Potential workaround I have deployed for sites we cannot control passwords for is a dedicated list that allows poor passwords. This list requires reasons for the password being poor etc.

Yeah, that's what we're having to do, but it's a messy workaround to resort to. Mostly because it either results in a proliferation of lists (IE: Good password list and Bad password list for customers that want to use bad passwords on their sites) or we have one customer list and just disable the feature fully, which isn't great because our comfort with bad credentials used in an MFC pin code might not extend to other types of credentials etc.