Status: Complete

Offer a password manager to all societies

Most societies struggle with password management - accounts and passwords either get lost, or trivially weak passwords are used. Multi-factor authentication is also rarely used as this concept does not work well when a group of people need to authenticate as the same user. A password manager can solve all of these issues - a team-based password manager where every individual is responsible for their own account. This means proper access control can be used, makes it easy for handovers, stops accounts getting lost, allows us to use autofill, and means that multi-factor authentication can be used (most password managers have support for TOTP codes assigned to individual entries and synced for all members of the team). This is also likely to be pretty much cost-free for the Union. As an example, Bitwarden (which is what I would recommend from cost, security and usability perspectives) is open-source and free to self-host the multi-user Teams version. You would only incur the server hosting costs - which the Union manages in-house and provides free for many societies (if you ever needed to/wanted to host in the cloud, a few providers offer free compute instances). It is also very easy to setup - a simple Docker Compose file can manage everything with simple config. Everything can be setup in 5 - 10 mins. Here is an example config https://pastebin.com/4c9E6MgD. All that would need to be added to this is to reverse proxy it (i.e. with Apache or Nginx) and then connect it to a subdomain.

Submitted on Monday 26th September 2022

Responses

Hi, Thanks for submitting a You Make Change. 

I have suggested and given all of this information over to Chief Operating Officer who is looking into what we could offer. As we have many other ongoing projects, this is not something that will happen immediately, but we can look into it. 

If you have any other queries, please email me at vpactivities@soton.ac.uk

Thanks, 

Zoe

Tuesday 28th Feb 2023 2:01pm

Actions

  • Forwarded to Vice President Activities
    Friday 30th Sep 2022 9:15am

Comments

Please login in order to comment

Sorry, there have been no comments yet