Ask HN: Client Password Management - bherms

I work at a small company that interacts with a lot of clients. We frequently have to get on their FTP servers, in their hosting accounts, and more. As such, we have a large amount of client account and password information that was previously just written down and placed in file cabinets with other documents. This made sharing the passwords difficult and resulted in going back to the client to ask for passwords several times.

When I got to the company I decided it would make things easier and more efficient to set up a better system. I installed Dropbox and KeePass on all systems and built a protected password database for our office. It has made things much more efficient.

However, with this setup, it opens us up to problems. This is purely hypothetical at this point, but it crossed my mind yesterday.

What if we hired an employee and later fired them and they decided to get revenge by using the passwords that they (could have) easily backed up to abuse client (and our own) accounts? Is there legal protection? Is our system terrible? What are your thoughts?
======
gasull
- A policy of giving passwords to an employee on a need-to-know basis.

- Change those passwords when an employee leaves.

You need to keep track of the passwords that each employee knows. A simple DB
will do.

~~~
bherms
The need-to-know basis is good, but defeats the purpose of having the shared
database. If we could tier access, and grant permissions, then that might be a
more viable option. I'll look into it.

We can change our own passwords when an employee leaves, but that leaves all
of the client passwords. If we set up their (for example) hosting account and
solely managed it, changing the password would be fine. However, we have a
large number of clients who co-manage stuff with us -- we both access their
hosting, domain registrar, mailchimp/constant contact, advertising, etc
accounts. We can't really go through and change a few hundred client passwords
or email them urging them to change passwords so that one of our employees
doesn't screw with them.
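
A small worked example, added here and not posted by anyone in the thread, of the "simple DB" gasull suggests, extended to cover the distinction bherms raises above: it records which employee has been shown which client password, and on offboarding splits the resulting work into accounts the agency solely manages (rotate them yourselves) and co-managed accounts (the client has to be asked to change them). The secrets themselves stay in KeePass; this only tracks metadata. All employee names, clients and account identifiers are constructed sample data.

```python
"""Credential inventory: who knows which password, and what to rotate on offboarding.

Added example, not code from the thread. Models a need-to-know grant log and
the offboarding checklist it produces. All data below is constructed.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Credential:
    """One account whose password we hold (the password itself lives in KeePass)."""
    cred_id: str            # constructed key, e.g. "acme/ftp"
    client: str
    service: str
    sole_managed: bool      # True: we alone control the account and can rotate it
    disclosed_to: Set[str] = field(default_factory=set)   # employees shown the password
    last_rotated: date = date(2011, 1, 1)


class Inventory:
    def __init__(self) -> None:
        self.creds: Dict[str, Credential] = {}
        # audit trail: (when, action, employee, cred_id)
        self.log: List[Tuple[date, str, str, str]] = []

    def add(self, cred: Credential) -> None:
        self.creds[cred.cred_id] = cred

    def disclose(self, cred_id: str, employee: str, on: Optional[date] = None) -> None:
        """Record a need-to-know grant: this employee was given this password."""
        cred = self.creds[cred_id]
        cred.disclosed_to.add(employee)
        self.log.append((on or date.today(), "disclose", employee, cred_id))

    def known_by(self, employee: str) -> List[str]:
        """Every credential this employee has been shown and that has not been rotated since."""
        return sorted(c.cred_id for c in self.creds.values() if employee in c.disclosed_to)

    def mark_rotated(self, cred_id: str, on: Optional[date] = None) -> None:
        """A fresh password has been set; nobody has been shown it yet."""
        cred = self.creds[cred_id]
        cred.last_rotated = on or date.today()
        cred.disclosed_to.clear()
        self.log.append((cred.last_rotated, "rotate", "", cred_id))

    def offboard(self, employee: str, on: Optional[date] = None) -> Dict[str, object]:
        """Revoke an employee and return the rotation work their departure creates."""
        when = on or date.today()
        rotate_ourselves: List[str] = []
        notify_client: Dict[str, List[str]] = {}
        for cred in self.creds.values():
            if employee not in cred.disclosed_to:
                continue                      # never shown it: nothing to rotate
            cred.disclosed_to.discard(employee)
            self.log.append((when, "revoke", employee, cred.cred_id))
            if cred.sole_managed:
                rotate_ourselves.append(cred.cred_id)
            else:
                notify_client.setdefault(cred.client, []).append(cred.cred_id)
        return {
            "rotate_ourselves": sorted(rotate_ourselves),
            "notify_client": {k: sorted(v) for k, v in sorted(notify_client.items())},
        }


def build_sample_inventory() -> Inventory:
    """Constructed sample data: two clients, an internal account, two employees."""
    inv = Inventory()
    inv.add(Credential("acme/ftp", "Acme", "ftp", sole_managed=True))
    inv.add(Credential("acme/registrar", "Acme", "domain registrar", sole_managed=False))
    inv.add(Credential("globex/hosting", "Globex", "hosting", sole_managed=False))
    inv.add(Credential("office/dropbox", "our office", "dropbox", sole_managed=True))
    inv.disclose("acme/ftp", "alice", date(2011, 3, 1))
    inv.disclose("acme/ftp", "dana", date(2011, 3, 1))
    inv.disclose("acme/registrar", "dana", date(2011, 3, 2))
    inv.disclose("office/dropbox", "alice", date(2011, 3, 1))
    inv.disclose("office/dropbox", "dana", date(2011, 3, 1))
    # globex/hosting was never disclosed to dana: need-to-know limits the blast radius
    return inv


if __name__ == "__main__":
    inv = build_sample_inventory()
    print("dana knows:", inv.known_by("dana"))
    todo = inv.offboard("dana", date(2011, 6, 30))
    print("rotate ourselves:", todo["rotate_ourselves"])
    print("ask client to rotate:", todo["notify_client"])
    print("dana still knows:", inv.known_by("dana"))
```

The point of the grant log is that offboarding becomes a bounded list rather than "change a few hundred client passwords": only the accounts the departing person was actually shown need action, and the co-managed ones come out grouped per client so the request to that client can be a single message.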