Building the web since 1996. Full-stack developer, but love front-end tech. I also socialize feral and abused cats. Associate Director of Engineering at 10up.
We host our own One-Time Secret instance. Our security policy calls for employees to use password managers to store their own passwords & generally prohibits shared logins. If there's a shared key or password that needs to be documented, we insist it's stored in our project management system where it's behind a login and we can control who has access to it.
If you don't want people bypassing policies for expediency, it needs to be addressed culturally. Make it clear that they won't be hassled for taking time to share data securely and protect your people from that pressure. Explain why your rules and chosen tools are in place. Nobody wants to be responsible for the next big credit card or medical data leak, right? So make it clear that they're on the front lines of protecting your clients & customers from identity theft. They have the power, tools, and management's support to do their job responsibly. They won't be the faces behind the nasty headlines.