Educause Security Discussion mailing list archives

Re: Password Management

From: "Pardonek, Jim" <jpardonek () LUC EDU>
Date: Tue, 26 Feb 2019 16:18:15 +0000

We are getting ready to roll out lastpass to our 20,000 students, faculty and staff.  Not to hijack the thread, but 
does anyone have any information on how they evangelized this to the population.  Also do any of you have a policy on 
the sharing of passwords.

Best!


James Pardonek, MS, CISSP, CEH, GSNA
Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL  60660

•: (773) 508-6086

Loyola University Chicago will never ask you for your username or password.
For the lastest information security news at Loyola, please follow us online,
Twitter: @LUCUISO
Facebook: https://www.facebook.com/lucuiso/
Our Blog http://blogs.luc.edu/uiso/

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Greg Williams
Sent: Monday, February 25, 2019 2:43 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Management

It’s really not so much about price as it is the 100% increase every year.  I don’t want to keep paying for something 
that increases that much every year.  If it works out that LastPass is still the best option for our requirements, 
we’ll continue.  I appreciate all the feedback from everyone so far, just want to make sure we are investigating all 
options!

Greg Williams, ME
Director of Operations
Office of Information Technology
University of Colorado Colorado Springs
1420 Austin Bluffs Parkway, (EPC 136A)
Colorado Springs, CO 80918
Phone: (719) 255-3292
www.uccs.edu<http://www.uccs.edu/>

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Austin Bollinger
Sent: Monday, February 25, 2019 1:37 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Password Management

If price is a concern, I am curious if you have investigated into 
Passwordstate<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.clickstudios.com.au%2F&data=02%7C01%7Cgwillia5%40UCCS.EDU%7C97cf1e06a3e94154cfa308d69b610c0b%7C529343fae8c8419fab2ea70c10038810%7C1%7C1%7C636867238460049451&sdata=1G36tOP4fQURSHWCfnjCo4JGFsF%2B2A9m8%2BEvXZd%2FUJ4%3D&reserved=0>?

Built by an Australian software development company that began back in May of 2000 and I really admire their 
transparency<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.clickstudios.com.au%2Fabout-us.aspx&data=02%7C01%7Cgwillia5%40UCCS.EDU%7C97cf1e06a3e94154cfa308d69b610c0b%7C529343fae8c8419fab2ea70c10038810%7C1%7C1%7C636867238460059465&sdata=flUIu8cxBil4SgRShG5yoyE0RNAMBqRC2jRv3UYD2pY%3D&reserved=0>
 - Click Studios.

Their pricing maxes out at $5,700 at time of email (once off cost) for unlimited users.  Beyond that, yearly upgrade 
protection is $1,140.

The pricing and yearly upgrade plan decreases in pricing if less users. If not checked into, they have a free demo for 
up to 5 users. Not a bad option to save! Still has your typical PAM features and more..


Regards,
Austin Bollinger
IT Security Analyst
IT at Grand Rapids Community College
austinbollinger () grcc edu<mailto:austinbollinger () grcc edu> | 
https://grcc.edu/informationtechnology/informationsecurity<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgrcc.edu%2Finformationtechnology%2Finformationsecurity&data=02%7C01%7Cgwillia5%40UCCS.EDU%7C97cf1e06a3e94154cfa308d69b610c0b%7C529343fae8c8419fab2ea70c10038810%7C1%7C1%7C636867238460059465&sdata=Dq9yjeZP%2FKC01%2BqODiJQEBLehKo%2FpFd3sVSrZipKf28%3D&reserved=0>

"Madl, Michael" <michael.madl () INDWES EDU<mailto:michael.madl () INDWES EDU>> 2/25/2019 3:14 PM >>>

IWU is in the beginning stages of implementing Keeper Security.  One of the reasons we choose it was the price point.  
About 48$/yr/usr and we are only using in IT for now.


MICHAEL MADL
INFORMATION SECURITY OFFICER
UNIVERSITY INFORMATION TECHNOLOGY

[cid:image001.jpg@01D4CDBC.957F9860]

DO NOT provide your username, password, or any personal information requested by any email.
IWU WILL NEVER ask you for your username or password via email.
DO NOT CLICK links or attachments unless you are positive the content is safe.

CONFIDENTIALITY NOTICE: This email, including applicable attachments, may include legally protected information.  If 
you are not the intended recipient of this message, you may not disclose, print, copy, save, or disseminate this 
information. If you have received this email in error, please notify the sender by replying to this message and 
immediately delete this message.



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Greg Williams
Sent: Monday, February 25, 2019 10:55 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Password Management

** This message originated from outside the Indiana Wesleyan University email system **
________________________________
Looks like this topic hasn’t been discussed in a while (~2 years).  We *have* had around 100 users in LastPass 
Enterprise for our IT department for the past 4 years.  This is the 4th year in a row that the price has increased 100% 
year over year.  It was $8/year/user 4 years ago.  So over 4 years $8*2*2*2 = ~62/year/user today.  What is everyone 
else using these days?  Are you using DUO with it as well?  Thanks!

Greg Williams, ME
Director of Operations
Office of Information Technology
Lecturer
Department of Computer Science

University of Colorado Colorado Springs
1420 Austin Bluffs Parkway, (EPC 136A)
Colorado Springs, CO 80918
Phone: (719) 255-3292
Connect: Skype<skype:gwillia5 () uccs edu?chat> | 
WebEx<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fuccs.webex.com%2Fmeet%2Fgregwilliams&data=02%7C01%7Cgwillia5%40UCCS.EDU%7C97cf1e06a3e94154cfa308d69b610c0b%7C529343fae8c8419fab2ea70c10038810%7C1%7C1%7C636867238460069470&sdata=vb0AFH4yDCLQDjRSucxJ%2FKsSVgSLZVBrsvWSLgWNcHo%3D&reserved=0>
www.uccs.edu<http://www.uccs.edu/>


This email has been received from a sender outside of the GRCC network. Use caution before clicking links/attachments

Current thread:

Re: Password Management, (continued)
- - - Re: Password Management Maud, Phil (Feb 27)
    - Re: Password Management Kevin Crider (Feb 27)
    - Re: Password Management Maud, Phil (Feb 27)
    - Re: Password Management Barton, Robert W. (Feb 27)
    - Re: Password Management Gunnells, David H (Feb 27)
    - Re: Password Management Kevin Crider (Feb 27)
- Re: Password Management Madl, Michael (Feb 25)
  - Re: Password Management Austin Bollinger (Feb 25)
    - Re: Password Management Greg Williams (Feb 25)
    - Re: Password Management Austin Bollinger (Feb 25)
    - Re: Password Management Pardonek, Jim (Feb 26)
    - Re: [External] Re: [SECURITY] Password Management Gregg, Christopher S. (Feb 26)
    - Re: Password Management Jason Borinski (Mar 01)
- Re: Password Management Windham, Gary D - (windhamg) (Feb 25)
  - Re: Password Management Frank Barton (Feb 25)
    - Re: Password Management Hagan, Sean (Feb 25)
  - Re: Password Management Blake Ketcham (Feb 25)
    - Re: Password Management Linc Nesheim (Feb 25)
    - Re: Password Management Emily Harris (Feb 25)
    - Re: Password Management Walter Moore (Feb 25)
    - Re: Password Management Jackson Muhirwe (Feb 25)

(Thread continues...)