is there a way to share website password with users and :
they can’t copy/view
the password is not saved into a web browser password manager
the password is not saved in the windows integrated password vault
so the password is completely unknown from user
ex:
10 users have to access a government website.
there is only 1 login/password available
this credential must be shared with the 10 users (it can have simultaneously access)
no one is allowed to know the password
we have to prevent the password modification or password disclosure when 1 of users leaves the firm
While it is certainly possible to hide the credential from less technically savvy users, it would be very challenging to prevent a determined employee from finding out the password, since it is stored unencrypted in memory and transmitted unencrypted into a web form when used; even the “master password reprompt” feature can be defeated by simply editing a text file on the system.
The government system that requires one set of credentials to be shared among multiple users, while simultaneously disallowing password rotation, is inherently insecure.
He may be talking about examples such as licenses that aren’t locked to an individual seat. This is common. One license for a team to share. License locked to account you can all access, not a seat. Cost prohibitive to buy 20 licenses for a team. Yes, a security risk but it’s common.