How to share password without users never access it

Ask the Community Password Manager
,
1

hello.

is there a way to share website password with users and :

  • they can’t copy/view
  • the password is not saved into a web browser password manager
  • the password is not saved in the windows integrated password vault
    so the password is completely unknown from user

ex:
10 users have to access a government website.
there is only 1 login/password available
this credential must be shared with the 10 users (it can have simultaneously access)
no one is allowed to know the password

we have to prevent the password modification or password disclosure when 1 of users leaves the firm

Thanks
regards,

2

Hey there, because Bitwarden does not perform an auto carriage return, currently you can set to hidden or read only https://bitwarden.com/help/user-types-access-control/#granular-access-control but if you would like to share more about this feature request including details about your team, you can contact the team at bitwarden.com/contact.

The team is also working on Secrets Manager for machine based secrets.

3

While it is certainly possible to hide the credential from less technically savvy users, it would be very challenging to prevent a determined employee from finding out the password, since it is stored unencrypted in memory and transmitted unencrypted into a web form when used; even the “master password reprompt” feature can be defeated by simply editing a text file on the system.

The government system that requires one set of credentials to be shared among multiple users, while simultaneously disallowing password rotation, is inherently insecure.

4

He may be talking about examples such as licenses that aren’t locked to an individual seat. This is common. One license for a team to share. License locked to account you can all access, not a seat. Cost prohibitive to buy 20 licenses for a team. Yes, a security risk but it’s common.