4

Our company has recently implemented an enterprise-wide password manager. This password manager allows us to store all our passwords that we use on a daily basis.

A few days later, I was surprised to see a notification in this tool that asks us that the administrator has access to the private key of the tool in order to help us in case of loss of the master password to recover our passwords.

Having some knowledge of computer security, I know that we should never share our passwords with anyone and especially the master password of our password manager. For me, there are two conditions, either I do not share my master password (private key) of my password manager. Or I don't register any personal access in this password manager that is linked to my email address. I can gladly share accesses whose account is global, like info@company.com, but I don't want to share my accesses whose account is my-account@company.com

Even though all these accounts are related to my work, I don't feel comfortable letting the administrator have access to all my accounts. If one day one of my accounts were accessed or abused because my boss let a password leak, or if he used it himself, I wouldn't be able to defend myself against abusing one of my accounts.

I'll gladly give you more context if needed.

Is this a security risk ?

KevinM
  • 49
  • 5
  • 9
    Always safest to believe that your administrators can gain access to any account used for anything @company.com whether you give them the password or not. – Philip Kendall Feb 27 '23 at 22:10
  • 5
    Does this answer your question? Can HR/Boss Require Your Username and Password? – gnat Feb 27 '23 at 22:20
  • 4
    You should ask your manager what they would like you to do. – Gregory Currie Feb 27 '23 at 22:29
  • @gnat not really, it confirms my ideas. – KevinM Feb 27 '23 at 22:38
  • what does it mean not really, per my reading second top answer focuses exactly on how to handle this (top answer also covers this although not as prominently) – gnat Feb 27 '23 at 22:44
  • 1
    @KevinM you don't need to comment as response to "this is possible duplicate", you need to [edit] the question to explain why that suggested duplicate does not answer the question / unrelated to the question as written (whatever is written in the question may not be what you are asking, but the duplicate is so far looks answering what is written here but may not be what you are interested in - you may need to fix that too while editing) – Alexei Levenkov Feb 27 '23 at 22:48
  • "What do you think about this" risks getting the question closed as a call for opinion rather than something with a solid answer. Editing to replace that with an actionable question (is this normal, is this a security risk, are my own passwords at risk... ) would help. – keshlam Feb 28 '23 at 04:30
  • Your 2nd paragraph is confusingly worded and that's what is triggering the bots to think you've duplicated a question. To be clear, are they asking you to email the password? Or are they notifying you that the admin has access? OR are they asking you to provide the password in some secure way? As long as secure info is transferred securely, you are OK. If something bad happens with your account you now have an extra layer of plausible deniability because someone else legitimately has the password. – teego1967 Feb 28 '23 at 16:04
  • 1
    "the administrator has access to the private key of the tool in order to help us in case of loss of the master password" Are you certain this allows them access to your passwords? It may only allow them to reset your master password without knowing what it us, You should still never mix personal and work stuff, but you may be misunderstanding what they're asking for. – ColleenV Mar 01 '23 at 16:50

4 Answers4

9

Having access to the master password does not necessarily mean he has the ability to read your password, only to authorize a change without knowing the previous password.

Depending on how the system is written, perhaps he could change it to something he knows and access your password storage. But anything on the company's machines belongs to the company, not to the employees, so while that could be a security issue it isn't one that you have any control over unless you're in the security group. Presumably they considered his trustworthiness when they gave him that access. Or there may be other precautions, such as 2FA, that would keep him from logging in as you even if he does have the password.

For more details, contact your own company's security folks and ask them what the real protections are.

BUT: The company is entitled to access any files on its hardware. If your concern is protecting your personal passwords, don't put them in the company's password manager, and take whatever other precautions you deem fit.

keshlam
  • 66,609
  • 15
  • 121
  • 227
  • 4
    I think the piece of information that is missing here is the concern that this access will get abused and OP will be blamed. I'd start an email chain clarifying who has what info so that if there is ever a scenario where your passwords are used you could point out that you aren't necessarily responsible. The administrator might be. – TheEvilMetal Feb 28 '23 at 09:27
  • 4
    Again: It is unclear the access can be abused, or can be abused without leaving a record. If it could be, the OP is at no more risk:the CEO could fire them at any moment anyway. Either ask your company's security folks, and/or the password safe's authors, what the safeguards are for the particular system... or trust that it has some... or just accept that in an argument with the CEO you lose. – keshlam Feb 28 '23 at 14:28
8

Your risk is that the administrator abuses his access and tries to blame you for it. One solution is that you get in writing from the administrator that he asked you for the password, that this was was a rightful request (and not a test whether you are stupid enough to hand over your password), and that he received the password. Co-signed by someone as high as possible in your company.

So if one of the protected passwords is abused, it is clear that both you and the administrator had access.

gnasher729
  • 169,032
  • 78
  • 316
  • 508
5

Of course it's a security risk.

The vast majority of companies will tell you that no one in the company will ever ask you for your password. In this case, they're basically asking you for ALL your passwords. There is not a good reason for this.

Admins can reset accounts and create new passwords without having your old password.

All that said, your company is well within its rights to have bad password security. Everything about the systems is owned by the company, including your passwords. It's bad practice, but voice your disagreement and give them the master. Don't make it a big deal unless you don't mind being "that guy."

Tiger Guy
  • 10,611
  • 22
  • 37
3

Is this a security risk ?

It certainly is, but it's not your risk to make a decision on. Generally you just trust that your superiors know what they're doing and keep anything non-work-related off company hardware.

Kilisi
  • 222,118
  • 122
  • 486
  • 793