
I recently replaced Chrome on every company computer with Firefox. We shared a Google account with passwords that everyone needed. But some fools that don't understand their actions properly started deleting passwords by accident as they cleared the browsing history. Yes, I know you have options when you clear history.

In Firefox, passwords and browsing history/data are separated. So they can delete browsing history and they don't accidentally delete the passwords anymore. And with a Firefox account, all the passwords that employees need are synced safely.

In one day 150 employees changed to Firefox :D




>We shared a google account with passwords that everyone needed.

I am speechless.


I'm intrigued by the `needed` in there. Why would that ever be a necessity?


There's mundane stuff, like letting a small group of people log into Gmail for support@mysmallbiz.com

There are ways around that, but for some orgs it would be unneeded overkill, and not protecting anything notable.


> but for some orgs, it would be unneeded overkill, and not protecting anything notable.

I can honestly not think of a single venture where "support@" is not one of the most critical resources wrt privacy and security. On top of that, "support@" is typically the account that has a high churn rate, where people move on and new people are hired. Of all the cases, I'd say that "support@" ranks amongst the top for need of proper account management.

That said, it's dead simple to grant jane@ and john@ access to an inbox in Google. Researching how to do this may take 30+ minutes. But getting it configured afterwards is really a two minute job.

The only reason I've come across why people shared Google accounts was "we have a business domain and we need to pay for every extra seat". Which is a valid excuse. I'd argue that it's not a good enough excuse to lower your security for, but valid nonetheless. For one, 2FA is almost impossible when sharing accounts.

Which is why having a "pay per seat" model for any SaaS is perpendicular to having proper security practices. You are not rewarding good security, but rather punishing it by letting organisations with proper separation of accounts pay more than the ones that choose to have as few as possible.


I've seen functionality where one gmail account can send an email so that it appears to be from another email address.

I haven't seen anything that allows a seamless view of the inbox/outbox, and a way of sending that doesn't accidentally use their normal email address if they forget to click a drop down.


Support emails fall into the "interesting" GDPR bucket that is often overlooked. I see only a few companies actually share/keep track of that data bucket when doing a data request or deletion request.


There isn't; the only excuse is laziness and a complete disregard for any kind of security.


Let's say your company has a profile on a platform that uses a Google account login. How many Google accounts do you want to wager can be permitted to administer that profile?


On a properly written platform? As many as needed, RBAC exists for a reason. On a shitty platform? Zero, that shit isn't production ready.


And I'd bet you never worked in any OPS task.

Not every password identifies a user.


I've worked in ops for a decade. There is no legitimate excuse for sharing accounts/credentials.

Ignoring the myriad security issues with shared credentials, auditing alone is completely ruined with shared creds.
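To make the auditing point above concrete, here is an added example (not code from anyone in this thread): a small heuristic over constructed login records that flags accounts used from several distinct clients at the same time, and a lookup that shows why an action on such an account cannot be pinned on one person. The log format, account names, IP addresses and user-agent strings are all made up for the example.

```python
# Added example: spotting shared accounts in login telemetry, and showing why
# actions on them cannot be attributed to an individual. The log lines below
# are constructed for this example; the format is a hypothetical one.
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2024-03-04T09:00:12Z login user=support@example.com ip=203.0.113.10 ua=Firefox/123
2024-03-04T09:03:45Z login user=support@example.com ip=198.51.100.7 ua=Chrome/122
2024-03-04T09:05:02Z login user=jane@example.com ip=203.0.113.10 ua=Firefox/123
2024-03-04T09:07:30Z login user=support@example.com ip=192.0.2.44 ua=Safari/17
2024-03-04T13:10:00Z login user=jane@example.com ip=203.0.113.10 ua=Firefox/123
2024-03-04T18:00:00Z login user=john@example.com ip=198.51.100.7 ua=Chrome/122
2024-03-04T18:40:00Z login user=john@example.com ip=192.0.2.44 ua=Safari/17
"""

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line):
    """Parse one 'timestamp event key=value ...' record into a dict."""
    ts, event, *fields = line.split()
    record = dict(f.split("=", 1) for f in fields)
    record["ts"] = datetime.strptime(ts, TS_FMT)
    record["event"] = event
    return record


def login_events(log_text):
    """Group login events by account as sorted (timestamp, (ip, ua)) tuples."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["event"] == "login":
            events[rec["user"]].append((rec["ts"], (rec["ip"], rec["ua"])))
    for evs in events.values():
        evs.sort()
    return events


def shared_account_indicators(log_text, window=timedelta(minutes=15), min_clients=2):
    """Return {account: set of (ip, ua)} for accounts seen logging in from at
    least `min_clients` distinct clients within any `window`-long span.
    One person rarely logs in from three browsers in a quarter of an hour;
    a shared support@ mailbox does it constantly."""
    flagged = {}
    for user, evs in login_events(log_text).items():
        for i, (t0, _) in enumerate(evs):
            clients = {client for t, client in evs[i:] if t - t0 <= window}
            if len(clients) >= min_clients:
                flagged.setdefault(user, set()).update(clients)
    return flagged


def candidate_actors(log_text, account, action_ts, lookback=timedelta(hours=1)):
    """Which client sessions could have performed an action on `account` at
    `action_ts`? Returns the set of (ip, ua) with a login in the lookback
    window. For a personal account this is one session; for a shared account
    it is several, which is exactly why the audit trail stops naming people."""
    when = datetime.strptime(action_ts, TS_FMT)
    return {
        client
        for t, client in login_events(log_text).get(account, [])
        if when - lookback <= t <= when
    }


if __name__ == "__main__":
    for user, clients in shared_account_indicators(SAMPLE_LOG).items():
        print(f"{user}: {len(clients)} concurrent clients -> likely shared")
    print(candidate_actors(SAMPLE_LOG, "support@example.com", "2024-03-04T09:10:00Z"))
```

In the sample, support@ is flagged (three clients inside a 15-minute window) while jane@ and john@ are not; an action on support@ at 09:10 has three candidate sessions, an action on jane@ has one. The window and client-count thresholds are tuning knobs, and a real deployment would also want to exclude known NAT egress addresses before trusting the IP component.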


What's the reasoning behind everyone needing that level of access?

We use 1password and have multiple vaults depending on what sort of clearance is needed. Need access to support emails? We'll add you to the appropriate vault. This way dev teams can be separate from marketing etc and no one can unexpectedly gain access to what they shouldn't be able to or wipe passwords they shouldn't have access to.


Small online tools that everyone needs to use. Passwords that need to change often because of the security settings of those tools.

Yes, I know other solutions are there, like 1Password, and step by step I will get there. At the moment they are unwilling to move to a password manager.

A Firefox account with synced passwords is a huge step forward. Before that there was an Excel file with all the passwords. Or worse, Post-its.





