If you work solo, there’s never a need to share passwords and make your team more efficient at sharing accounts and Web-based services, but most of us work for companies with a lot of employees — and some work at huge companies with thousands of people on staff — and in that sort of environment, each person having their own copy of site account credentials can be an administrative nightmare.
But even smaller online businesses can experience this problem when an entrepreneur hires a virtual assistant to help with bookkeeping or a developer with whom they want to share access to a few key software services. It’s one of the real challenges with a distributed workforce too, being able to share accounts on all those “software as a service” (SaaS) systems.
Programs like Roboform and 1Password do a great job of managing one user’s password information across multiple devices, but get to the enterprise level and they’re far less capable. Yes, Roboform has an enterprise solution, but have you priced it out recently?
Enter Pleasant Password Server, an encrypted Web-based password storage server system that your IT department can manage for everyone in the firm. Better yet, it tightly integrates with the open source KeePass password manager, so working with the central password server is easy. Even better, available plugins for Chrome, Firefox and many other popular Web browsers make KeePass a keystroke away at all times.
I’ll be honest with you, setting everything up just right is not child’s play, but if you have an IT team or someone who is already versed in installing and configuring enterprise software, it’ll be a proverbial walk in the park. Once it’s done you’ll have the Pleasant Password Server running on one of the systems in the IT department, and will have distributed the tweaked version of KeePass that is hooked into the server, rather than set up to run standalone.
For testing purposes, I installed the password server on a Windows 8 system that I also used as a client computer. This is a valid configuration but of course requires that every time it’s rebooted that the Pleasant Password Server be restarted again – probably under an admin account, not a user account – before users can log in and utilize it, something that’s more fuss than just having an always-on server managing files, printers, passwords, and any other shared resources.
Once everything’s running, however, it’s really slick how account information instantly flows through the system, from client to server and from server to all known clients.
Let’s have a look.
First off, while running KeePass, I can enter account credentials directly:
Notice that the password is already filled out: KeePass has a sophisticated algorithm that helps you create complex, unguessable passwords that are far better than your dog’s name or your mom’s maiden name or similar. I recommend using the most complicated passwords possible, and that’s 100x easier with a password management tool, of course.
Enter a few passwords and you’ll have a list like this:
All of these passwords are also automatically being uploaded to the Pleasant Password Server. Not only that, the “intranet” account credentials you see on entry #3? That was set up by the server administrator and automatically showed up as an option in the client program.
Note also that like any password management system, you can tie specific accounts to specific URLs — as in the example of eTrade — or you can just use it as a safe encrypted account/password storage locker.
If your administrator doesn’t want you to integrate KeePass into your Web browser with one of the third-party plug-ins, or says that only Internet Explorer is hooked up, but you prefer to use Chrome or something else more sophisticated, KeePass has its own Windows client app and working with it is darn easy. You can also use the Web-based interface if you’d prefer. But the client’s definitely easier. For example, want to grab a password to paste into a login screen? That’s easy:
Straightforward Windows application design, albeit not quite as modern and sleek as some of the best Windows 8 utilities. Still, this is a straightforward solution to a straightforward (and mission critical) problem.
While all this has been going on, what about the server?
As an administrator, you work with Pleasant Password Server through your favorite Web browser, no special application needed. The main view looks like this:
(click on the image to see it full size. it’s big, tho!)
Along the top you can see the kinds of database features that enterprise IT managers expect, including users, active directory and LDAP import support, roles and various configuration options for the KeePass client and server itself.
Look closely and you’ll notice that the four account information records shown earlier in KeePass are also safely stored in the password server too, as expected.
To create a new shared account record, click on “Add Entry…” at the bottom and a very similar form will appear within the server admin’s Web browser:
What’s cool to notice is that if you click on the words “Password Generator” you can see that PSS exposes all the parameters of its password generation engine:
That’s a handy tutorial on how to pick safe, complex passwords too, as it happens, but as long as the site in question supports it, I strongly recommend making your auto-generated passwords as rich and complex as possible.
Finally, within Pleasant Password Server you can also examine existing records created by users on their own computers and shared with the server:
All in all, a simple, elegant and reasonably priced solution to a problem that a lot of medium to large companies have: managing all those enterprise user accounts in a secure and distributed fashion. For a ten user license, for example, it’ll run just a bit over $200 for a lifetime license. Need to bump up to more users later? Licenses can be expanded as needed.
Pleasant Password Server can be found at Pleasant Solutions online, and prices vary based on userbase.