Password sharing apps/sites


#1

Hi,

I was wondering what password sharing apps/sites people would recommend?

I am aware of Lastpass but was unsure what level of membership I would require as a new VA?

Any advice welcomed.

Lisa


#2

Hi Lisa

I use a programme called Zoho Vaults. It allows you to store, organise and share “secrets” with other users that you have set up in your organisation and with third parties (if required). Here is a link to their pricing page which includes a full list of features.

[https://www.zoho.eu/vault/pricing.html]

What I like about it is:

  1. I can sort my client’s passwords into one group or chamber as it’s called on vaults for ease of reference. It also allows sub-chambers for even more organisation if required. After this, my client can add, access and update their passwords as required.

  2. It has a mobile app and add-in for Chrome (my preferred browser) which means I’ve always got my passwords with me should I need them.

  3. As Zoho charge on a per-user (yearly or monthly) basis, I can scale my package up or down as required.

Currently, I’ve signed up for the professional version which suits my needs as a VA perfectly, but when I first started, I just used their free version.

Whatever programme you use, remember to check that the company you use have an updated privacy policy that meets the GDPR requirements and that they are a reputable firm with proper security in place.

As you’ll be storing clients’ data in the programme (in my case their name and email address), your privacy documents should also include the company as a Data Controller.

Hope this helps.

Take care
Stef


#3

Hello Lisa,

I use Lastpass on its free edition and it’s very good. I too can organise all of my customers’ passwords into their own file or, if my customers do not feel comfortable sharing their details, they can share the login details with the password hidden so the site just automatically logs me in.

When I first started using it, I looked elsewhere as I didn’t really like the platform; however, I have since grown to really like it and use it so much every day.

I hope this helps, even a little
Rebecca


#4

Bear in mind that whatever you use should be GDPR compliant and there are now some questions over whether or not being US Privacy Shield Approved will count as being adequate… We’re actually going to have to question suppliers quite carefully about how they store data to make sure it’s adequate - look for ISO 27001 or similar.

(The problem is, very few UK suppliers are certified so moving data storage to the EU would have actually been downgrading our security and service offering.)

This is the last update LastPass posted back in May - I’d assume they are compliant based on it, but I’d ask them for documentation:


#6

Thank you all for your feedback and advice.

Caroline - in terms of GDPR compliance, do you have any recommendations as to how to collate all the information in a simple manner?

BW
Lisa


#7

I always recommend my clients get a DPA (Data Processing Agreement) in place with suppliers who store their data outside of the EU.

It means more work on your behalf as you will need to monitor your suppliers’ activities to ensure that they are fulfilling their part of the agreement and regularly review your agreements to ensure that they are up to date.

The FSB (Federation of Small Businesses) have a vault of documents you can access and use which includes GDPR templates such as a DPA but you need to be a member. Otherwise, there are numerous sites online that provide samples and templates, but make sure you read them carefully to ensure they are suitable.

FYI: Zoho Vaults is based in the EU and the US and has ISO 27001 certification. If you do look at them as a possibility make sure that you access their EU site; this will affect where your data is stored.


#8

It’s really tricky Lisa, because suppliers aren’t classified as GDPR compliant in a YES/NO way. And what data you store and how you use it governs whether or not it’s compliant.

e.g. I have spent about 9 months now trying to explain to people who have spent ££££s on GDPR compliant contracts and systems, that if they use a Gmail account to send and receive the data, they might just as well not have bothered! Sigh! :see_no_evil:

Someone who is typing up webinars for a local blogger isn’t going to be under the same kind of security restraints as someone storing the credit card details of an online business’ customers… GDPR allows for that and lets you take “appropriate risk assessment”.

So in effect: There’s no quick fix. You need to assess what data you hold, what the risks of that are, and what a suitable level of security is.

For me, we handle quite sensitive data (although not medical data) so ISO27001 and proper email domains with SSL security is warranted. Any data being transferred via upload systems is also encrypted. We only process data which has been sent in writing to us and we also ask for the provenance of any data to make sure it complies - we don’t (and never have to my knowledge in the last 14 years) process data which doesn’t comply with GDPR because we’ve always followed best practice as advised by the ICO. We have refused many, many jobs because it doesn’t comply - and I’m proud of that.


#9

Hello,
I have used Kaspersky Password Manager for more than 3 years and recommend it. It’s very user friendly (in my opinion) and is part of the Kaspersky Total Security, so I don’t pay an additional fee for it.


#10

@Polina I had read a few blogs raising concerns about Kaspersky when I was looking into which Anti-Virus to buy, but that was a long time ago so it may be fine now. Have you found them reliable?

And does your Password Manager allow you to share passwords?

I use my Norton Vault and have recently been introduced to LastPass by @amycrescentva.
I don’t like it as much as Norton, but it is certainly handy for sharing data.

Anna