Yeah, the ability to choose/assign a shared entity within a passcode entry as an administrator would solve a ton of issues (be very liberating).
***I think its the single most significant upgrade Francesco's team could do that would propel PP competitive placement among passcode keepers marketed at this level.
Further, being able to assign a 'group member' as an admin would be even more liberating (but *not* as critical for initial implementation, as sometimes the group thing doesn't apply).
For now, we have to... 1) require anyone creating new passcodes to transfer ownership to central (the root company owner), then 2) the chief trusted entity at central must check the shares.
The drawback is that the chief has root access to everything, and so 'everything' cannot reasonably be kept in a central code-repo - some things gotta go elsewhere, which creates more work.
BTW, shares are transferred if the target owner already has that share in their people list.
One other comment... for inhouse users I may also deploy KeePass on workstations to make it easier for users to log into their PassPack accounts (since we use 26+ digit passwords and keys). I can maintain their Keepass dbs centrally, making that easy to manage, and individually assigned dbs makes keeping them private (even on shared workstations) simple to do.
I can use a centrally managed Keepass db with some client-companies, but many of my clients have a blend of remote win/mac/linux clients, making Keepass impractical (not impossible, but it gets chaotic with non-it folk).
And at the point you run into those few non-windows associates you want to share codes with you realize you would have been better off starting with something more natively cross-platform accessible to begin with.
It would be nice to hear from the host about this.
YES - Allow members of a Shared Group to see what group they belong to.
NO or ToggleSetting - to see what passwords belong to that group. Not necessary, so why do it? What if privilege for me (as an individual) to see "Y" in xyz passcodes for my group is revoked? Some cases perhaps it serves to still let me see the entry in the group code "listing" (but not the contents), but then again other case perhaps not.
NO - absolutely no sharing amongst themselves - would only lead to chaos: No One but an authorized administrator should be responsible for assigning use of company codes - even if its within a group. The company would lose integrity of authority to manage operations and security.
How often do you see companies allowing employees to share keys to the office? No, typical protocol is each person is assigned keys only from a central office/administrator that is held accountable for managing all the keys (its a simple auditable protocol), and they are strictly controlled.
Therfore NO to : Designate a group administrator to handle sharing privileges for the group (since they would be doing it in the first place).
Order is typically stewarded by a "chain" of command. I think this is what the concept of Central Repository serves... the ability to manage shared privileges without compromising integrity of operations or security.
Free Sharing of priviledges would only serve to introduce weakness (even chaos) in the order of operations and security protocols.
Perhaps this would be viable in a system not reliant upon a hierarchal authority structure? Perhaps not? But certainly not in your typical business.
Need this for sure. But it will only have true/full benefit for business when you also provide for a business owner to assign an administrator for groups (and or each group account), and pushing out tags.
Here's what it looks like right now (what to expect) in the real world...
- I setup ceo account and her share name, under my control
- then setup my account and my sharing handle
- setup shares from ceo account to mine
- test everything (get it organized for the potential groups)
- setup each user account by creating each new login
- setup collaboration for sharing in @ accounts
- create instructions for users to login, reset passwords and packing keys, and for accepting invitations from ceo later
- re-tag all entries in my account since they are not propogated and cannot be imported (what a pain),
- instruct everyone else to do the same (forget that - no way its gonna happen)
- transfer ceo account ownership to ceo by having her login and change passowrd and packing key
- I can create new entries and transfer their ownership to ceo, however,
- I cannot manage shares of existing or new entries to teams for the company, so I am actually powerless to "administer" anything without access the ceo's account directly, which means she has to constantly hand=hold the process, and constnatly change her codes after I am done working within her account.
This is already reflecting poorly on my IT decisions for this small company.
Whats really needed to make this viable for business:
- admins for groups, i.e., be able to give admin permissions to someone in a group
- fully setup staff accounts within owner account and group-admin-share user account
- allow tags to be shared from the owner account
- and/or allow tags to be imported onto entries that are shared with you
***I really appreciate the integrity of this company... real people providing real help and support with a very creative and progressive product. When you sort out the business management viablity I will be able to realisticly start using this for more of my client companies.
Thanks for the facility for providing feedback and suggestions.
very common, very useful
very common, very useful
Logs & Audits will be included in a future release of Passpack. No ETA, please continue to vote so we can give this priority in our scheduling.
Yes. In any business, for managing security and activity issues, a major concern is being able to audit. When problems arise we need to able to see who was accessing and changing what, when, and with whomelse,
More progressive/enterprising products are offering this feature. It certainly is one of the main things I was hoping to enjoy, and offer my clients, in this type of product.
Please fill out this survey if you are interested in this product: http://bit.ly/9igtYI