Sat 18 Apr 2020 10:56PM

MACC needs a password manager!

B bailey Public Seen by 26

This is a thread to discuss a group-oriented password manager for MACC. A password manager is a simple system in which one master password gives you access to a library of all of your passwords for all of your accounts, all organized in one place. This way we can all have unfettered access to all of MACC's platforms and accounts!

During the Comms meeting on 04/17, Jezz suggested BitWarden (which would cost $9/month for access for seven people). If you are familiar with a more cost effective option, please note it below!


Matthew W (he/him) Mon 8 Jun 2020 6:45PM

I'm going to browse a bit but I think we should just accept and eat the cost whatever it is! It will make Communications WG so much easier and more secure.


Jezzz Sun 14 Jun 2020 4:43PM

If you want to get one ASAP, I think Passbolt is the way to go. They offer a hosting plan for 10 users of 18 euros /month, but we could also run it for free on our own server once we find someone with the technical capacity to help with that https://www.passbolt.com/pricing/pro


Matthew W (he/him) Tue 16 Jun 2020 9:13PM

Do you think we should just go ahead and request the $ from finance crew for that? I think I'm the obvious person to populate it with all our accounts.


Jezzz Wed 17 Jun 2020 4:01PM

hi matt - actually i noticed a short form to apply for a discount for non-profits so i filled it out for MACC using the info@macc.nyc address. Could you look for that to submit a more specific finance proposal based on the rate they offer us?


Matthew W (he/him) Mon 29 Jun 2020 1:13AM

Hey I noticed it in our e-mail will check!


Rehj Sat 27 Jun 2020 6:34PM

Looks like the decision is basically made, but I thought I'd add a little info about a different one: I use LastPass and I love it. They are $4/mo for 6 users with the LastPass Family plan. (Haven't read if there's restrictions based on it being called "Family" on that but I know my grocery coop uses it so presumably it's okay). There is a 30-day free trial. You can import passwords from a csv but it's kinda fiddly to get different types of passwords/secure notes in the right format (I just did this import for the coop and it took a little time.)

I was immediately attracted to being able to host a PassBolt server for free, but then I saw it doesn't allow multi-factor, so that's a major downside in my opinion.


Matthew W (he/him) Mon 29 Jun 2020 1:14AM

Thanks Rehj. Maybe we can circle back to this with the comms group and check which is best.


Jezzz Mon 29 Jun 2020 2:49AM

hey Rehj - hope you will forgive my noobiness, but what's the major downside of not having multifactor authentication?


Rehj Mon 29 Jun 2020 8:16PM

Well...we only consider it a disadvantage if we believe that MFA increases security enough to be worth the hassle of using. I'm afraid I'm no an expert, but what I've read suggests it does (although obviously it's not perfect). So I accept that as an assumption, and that's why not having it seems like a disadvantage to me.

Of course, there's a lot of factors that decrease the security of MFA. Apparently SMS is pretty easy to hack, for example. Some accounts allow a method of disabled MFA that seems a bit questionable, etc. So perhaps I overstated the case a bit by calling it "major". I was probably just trying to make my personal opinion sound a bit weightier than perhaps it should be. :D


Matthew W (he/him) Thu 2 Jul 2020 11:27PM

@Rehj Cantrell - It's useful! After tomorrow's action I'm going to get on a few of these infrastructural things and bring them back to the group for final plans.