Status: Complete

Offer a password manager to all societies

Most societies struggle with password management - accounts and passwords either get lost, or trivially weak passwords are used. Multi-factor authentication is also rarely used as this concept does not work well when a group of people need to authenticate as the same user. A password manager can solve all of these issues - a team-based password manager where every individual is responsible for their own account. This means proper access control can be used, makes it easy for handovers, stops accounts getting lost, allows us to use autofill, and means that multi-factor authentication can be used (most password managers have support for TOTP codes assigned to individual entries and synced for all members of the team). This is also likely to be pretty much cost-free for the Union. As an example, Bitwarden (which is what I would recommend from cost, security and usability perspectives) is open-source and free to self-host the multi-user Teams version. You would only incur the server hosting costs - which the Union manages in-house and provides free for many societies (if you ever needed to/wanted to host in the cloud, a few providers offer free compute instances). It is also very easy to setup - a simple Docker Compose file can manage everything with simple config. Everything can be setup in 5 - 10 mins. Here is an example config https://pastebin.com/4c9E6MgD. All that would need to be added to this is to reverse proxy it (i.e. with Apache or Nginx) and then connect it to a subdomain.

2
UP VOTE

0
DOWN VOTE