Team Password Manager Review is another review in Password server series. Both previously reviewed solutions, Pleasant Password Server and Secret Server received a great score, what about Team Password Manager?
I got really interested in password management when I noticed that our Internet department uses Google Docs for all the passwords they use.
As soon you have a group of people working on a project you are faced with password management problem. Do you allow all users to see passwords?
If yes, then you don’t have a problem, but soon rather than later you will have a problem.
Team Password Manager
I found this gem while I was looking for something completely different. I immediately noticed that GUI is easy on the eyes and that there is something great about this program.
When you decide to try and download the program,you are presented with requirements. TPM is a PHP application, that means you must have a web server installed. It can be Windows or Linux based, you also need web server Apache, PHP 5.3.x +, MySQL 5 and Ioncube. Ioncube was the one that caused the most problems for me. I have one Ubuntu server for testing web applications. I admit that I am not an Linux expert, but I manage to install PHP app or two. I found several tutorials online how to install Ioncube… but only found the right one after 10 minutes. Once that was completed I only had to create database and voila.
TPM has a great GUI. You can sort information by projects or by passwords. If you know which password is required you will find it quickly in Passwords view, but if there a too many, you can also search for it.
On the other hand, you can look at the projects and find the right asset. On the left side you can filter by tags. That reduces time to find a password even more.
When you open an asset, you can view password data, Notes that you add, Security info – who has access and Security Log – who created asset, who accessed it who changed something. You have ability to click a button for password to be shown or to be copied to clipboard.
Creating new users is easy, and you can easily assign roles.
TPM is a great asset for storing various passwords, but it’s strength is that it’s PHP application. That means that you can install it not only on your local server but you could install it to VPS as well. TPM is a secure solution, libraries that were causing me problems with installation are crypto libraries, all the data is encrypted. But if data is secure, that doesn’t mean that hackers won’t be able to gain access. With VPS in mind, creators added support for Two factor Google Authenticator. Another secure measure is “internal firewall”, you can set that IP addresses where user fails X times in X seconds. That way TPM blocks IP of bot/user who tries to brute force your account. Another important thing is that you can integrate Team Password Manager with LDAP or Active Directory. The last one is especially important for large corporate environments.
Logging is great, you can track everything that was happening with your assets, from who created an asset, to accessed it.
What is great about Team Password Manager
Thinking about TPM, what really stands out from competition is:
1. Price. Product is cheap, you can start from $79 for a 5 user license or 10 user license for $149. Licence is perpetual.
2. PHP application, you can run it on VPS.
3. Security, application is secure.
4. Free version, for 2 users and 5 projects, product is free.
What can be improved
1. Installation is not for typical Windows admin, first you have to install special libraries for crypto, then if you want LDAP support, you have to install PHP-LDAP module.
2. Browser plugin, every website you visit, you have to go to TPM , find the resource, copy username/password, go to second tab to enter credentials… could be improved with LastPass type plugin.
Price is great, as for browser plugin, I hope it’s one the road map.
You can find this little gem on Team Password Manager website