Offer a password manager to all societies
Bilaal Rashid submitted on
Monday 26th September 2022
Complete
Most societies struggle with password management - accounts and passwords either get lost, or trivially weak passwords are used. Multi-factor authentication is also rarely used as this concept does not work well when a group of people need to authenticate as the same user. A password manager can solve all of these issues - a team-based password manager where every individual is responsible for their own account. This means proper access control can be used, makes it easy for handovers, stops accounts getting lost, allows us to use autofill, and means that multi-factor authentication can be used (most password managers have support for TOTP codes assigned to individual entries and synced for all members of the team). This is also likely to be pretty much cost-free for the Union. As an example, Bitwarden (which is what I would recommend from cost, security and usability perspectives) is open-source and free to self-host the multi-user Teams version. You would only incur the server hosting costs - which the Union manages in-house and provides free for many societies (if you ever needed to/wanted to host in the cloud, a few providers offer free compute instances). It is also very easy to setup - a simple Docker Compose file can manage everything with simple config. Everything can be setup in 5 - 10 mins. Here is an example config https://pastebin.com/4c9E6MgD. All that would need to be added to this is to reverse proxy it (i.e. with Apache or Nginx) and then connect it to a subdomain.
Responses
Here, you can view the complete set of official responses from the sabbatical officers regarding this submission.
Students' Union replied on
Tuesday 28th Feb 2023 2:01pm
Hi, Thanks for submitting a You Make Change.
I have suggested and given all of this information over to Chief Operating Officer who is looking into what we could offer. As we have many other ongoing projects, this is not something that will happen immediately, but we can look into it.
If you have any other queries, please email me at vpactivities@soton.ac.uk
Thanks,
Zoe
Actions
Forwarded to Vice President Activities
Friday 30th Sep 2022 9:15am
Comments
Let's keep this space positive and respectful! Feel free to share your thoughts and opinions, but please remember to keep the conversation friendly and avoid any offensive comments.