Post APXQuj721mR74wl10K by Joseph_of_Earth@fosstodon.org
 (DIR) Post #APXQuh8NNoK6wXN3p2 by Joseph_of_Earth@fosstodon.org
       2022-11-12T16:15:18Z
       
       0 likes, 0 repeats
       
       Brands of #Mastodon, how do you manage authentication for your company's or organization's Mastodon account? One of the hurdles that the #Fedora Project is looking at is how to share access to the account without sharing credentials like you can on Twitter. Is that possible? I haven't found a solution yet. #FediTips #foss #OpenSource #marketing
       
 (DIR) Post #APXQuhc9b68uQtIqEi by sebian@ioc.exchange
       2022-11-12T17:32:38Z
       
       0 likes, 0 repeats
       
       @Joseph_of_Earth @jerry any insight here? :O
       
 (DIR) Post #APXQuhzuAn8pcYPoG0 by jerry@infosec.exchange
       2022-11-12T17:36:47Z
       
       0 likes, 0 repeats
       
       @sebian @Joseph_of_Earth that’s a great question. I don’t think mastodon was designed with this use case in mind. Let me think on it some. May be able to do something with API keys, but that’s still “sharing a password” at the end of the day.
       
 (DIR) Post #APXQuiP4fDH4scBuUK by hdm@infosec.exchange
       2022-11-12T17:42:39Z
       
       0 likes, 0 repeats
       
       @jerry @sebian @Joseph_of_Earth not perfect, but a shared 1Password (or password manager of your choice) vault is a good fallback, especially if it includes the OTP code for MFA. The main headache with securely-shared accounts is handling MFA. Storing the OTP in the password manager is more viable than having a Signal group pasting the one-time codes back and forth.
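
       As an added illustration of the MFA point above (this code is not part of the thread and is not anyone's product), the block below generates RFC 6238 TOTP codes from a seed of the kind a password-manager entry would hold. Every vault member who holds the same seed derives the identical code, so the stored "second factor" is another shared secret rather than something tied to one person; the seed used is the RFC 6238 test-vector seed, not a real account's.

```python
import hmac
import hashlib
import struct
import time

# RFC 6238 reference seed (ASCII "12345678901234567890"). A password manager
# would store the same kind of value for a shared account, usually base32-encoded.
TOTP_SEED = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then
    dynamic truncation to a 31-bit integer reduced to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the current time step."""
    return hotp(secret, unix_time // step, digits)


def codes_for_all_holders(secret: bytes, unix_time: int, holders: int) -> set:
    """Each team member with the vault entry computes the code independently.
    The set always collapses to a single value: a shared seed is a shared
    factor, and no holder can be told apart from another by the code alone."""
    return {totp(secret, unix_time) for _ in range(holders)}


if __name__ == "__main__":
    now = int(time.time())
    print("current code:", totp(TOTP_SEED, now))
    print("distinct codes across 5 holders:", codes_for_all_holders(TOTP_SEED, now, 5))
```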
       
 (DIR) Post #APXQuix6cgUqaA75X6 by jerry@infosec.exchange
       2022-11-12T17:54:02Z
       
       0 likes, 0 repeats
       
       @hdm @sebian @Joseph_of_Earth depending on the concern, this is a pretty good solution
       
 (DIR) Post #APXQuj721mR74wl10K by Joseph_of_Earth@fosstodon.org
       2022-11-12T19:01:00Z
       
       0 likes, 0 repeats
       
       Thanks for the responses! It seems like the main options we have are:
       - Do something with the APIs
       - Manage this through a password manager #BitwardenBased
       - Host your own instance
       When we started talking about how to get the same solution you can get on TweetDeck, the password manager was suggested but not a favorite. If we had to do something now (which I don't think we're in a rush for), using a password manager is the most likely thing we try. #fedora #FediTips #foss #marketing #security
       
 (DIR) Post #APXQujT0i418B72ZGK by todb@infosec.exchange
       2022-11-12T18:02:42Z
       
       0 likes, 0 repeats
       
       @jerry @hdm @sebian @Joseph_of_Earth FWIW I'm a newish fan of #BitWarden. #opensource slash #freemium, stores #TOTP, everything is easily exportable(!!), accounts are sharable, and #LastPass bought the #BitWarden Google Ads search term "BitWarden" so you know it's good.
       
 (DIR) Post #APXQujxUsiP5hfIumW by epixoip@infosec.exchange
       2022-11-12T18:09:42Z
       
       0 likes, 0 repeats
       
       @todb @jerry @hdm @sebian @Joseph_of_Earth as a bona fide password security expert, I fully endorse BitWarden.
       
 (DIR) Post #APXQuka8Z3JPdVNm0e by cybette@mastodon.org.uk
       2022-11-12T20:12:15Z
       
       0 likes, 0 repeats
       
       @epixoip @todb @jerry @hdm @sebian @Joseph_of_Earth I've been using Bitwarden since 2018 and love it. My team has been using Bitwarden Organizations since last year to share team level access to accounts, and will be using that for managing access to @ansible :)
       
 (DIR) Post #APXQuligKlk1AIO6y0 by Joseph_of_Earth@fosstodon.org
       2022-11-12T19:06:24Z
       
       0 likes, 0 repeats
       
       The other two options of using the APIs somehow or hosting our own instance would require more technical investment. I'm not knowledgeable enough myself so we would need support from the #Fedora community on that. Even then, if there was hesitancy about being on #Mastodon and also being unsure of how securely credentials will be managed, I don't think there is the appetite to pour more energy into making our own solution. :/ #FediTips #foss #marketing #security
       
 (DIR) Post #APXQunOY6apEMQz3rc by Joseph_of_Earth@fosstodon.org
       2022-11-12T19:09:10Z
       
       0 likes, 0 repeats
       
       Basically, the more work it takes, the more clamoring for an official account we would need to hear from the community, lol. Which is why I am here in the meantime - to understand the platform better, grow the #fedora community, support a healthier social media platform imo, and because it's so dang neat!
       
 (DIR) Post #APXctHay37M8tcpzLE by Joseph_of_Earth@fosstodon.org
       2022-11-12T22:26:28Z
       
       0 likes, 0 repeats
       
       @epixoip @todb @jerry @hdm @sebian @ansible @cybette Sorry if I end up peppering you with questions since it seems you have this solution up and running for a project! When you're using Bitwarden, are you sharing the credentials between team members who are also part of the organization such that they can see what the credentials are? Or is it giving access for someone to use the credentials in their autofill without giving them the credentials themselves?
       
 (DIR) Post #APYhQmUqm23bGYAHbs by pete@social.cyano.at
       2022-11-12T20:30:31Z
       
       0 likes, 0 repeats
       
       @cybette @ansible I'd be pretty curious about how to use Bitwarden as kind of a smaller footprint Hashicorp Vault, for my own organisation's ansible and CI/CD. Can you tell how you guys are gonna do that specifically? Via the Bitwarden API and credentials stored as a "Bitwarden Sends"? The way I see it, even if you kind of obfuscate the actual credentials by means of intermediate access password (i.e. Bitwarden Send) the eventual privilege password will stay the same. In other words, how to achieve a truly ephemeral password via Bitwarden? Or is that simply not possible here? TIA!
       
 (DIR) Post #APYhQnPvLpi87YrrZQ by cybette@mastodon.org.uk
       2022-11-13T10:52:04Z
       
       0 likes, 0 repeats
       
       @pete sorry I wasn't clear about using Bitwarden mainly to store credentials for our team's @ansible mastodon account. It's not used in the manner you've described, which may or may not be possible, but that's beyond my #Bitwarden usage knowledge :P
       
 (DIR) Post #APYiO4wbpSTbZ9QMEa by epixoip@infosec.exchange
       2022-11-12T22:41:43Z
       
       0 likes, 0 repeats
       
       @Joseph_of_Earth @todb @jerry @hdm @sebian @ansible @cybette Any password manager that claims to be able to share passwords without the receiving party having knowledge of what the password is, is lying to you. Sure, it may prevent people from viewing the plain text password within the password managers UI itself. But there are dozens, maybe even hundreds, of ways to learn the plain text value, most of which don't require any skill at all.
       
 (DIR) Post #APYiO5RnxTQj7u1GrI by Joseph_of_Earth@fosstodon.org
       2022-11-12T23:13:59Z
       
       0 likes, 0 repeats
       
       @epixoip @todb @jerry @hdm @sebian @ansible @cybette Makes total sense.
       
 (DIR) Post #APYiO5puVqiEKfIWQq by cybette@mastodon.org.uk
       2022-11-13T11:02:47Z
       
       0 likes, 0 repeats
       
       @Joseph_of_Earth @epixoip @todb @jerry @hdm @sebian @ansible yeah the team members are able to see the credentials. it's not a perfect solution, but it works for our team's needs. still better than sharing passwords around various (possibly unencrypted) channels!