cancel
Showing results for 
Search instead for 
Did you mean: 

Client wanting me to use password sharing site

moniquenz
Ace Contributor

Hi, sorry bit of an odd question but I'm a bit stumped as to what to do.

 

I've started working with a client doing blog posts and they have sent me an invite to create an account for a site called Last Pass which is a password management site so they can give me access to another site. This kind of brings up red flags as when I look at the account sign up, it says all my encrypted data will be sent to this site. I don't want to have this password manager on my laptop as I already use the Google password manager. I'm concerned that this site will take over my password management or that this client (or site) will be able to access my passwords and personal accounts. 

 

This is only a new client with relatively low paying work compared to other clients and is now requiring extra time and effort and I'm not sure what to do. I just wanted to write the blog posts (I took lower paying because I wanted experience writing on a new topic). 

4 REPLIES 4
jcullinan
Community Guru

@Monique L wrote:

Hi, sorry bit of an odd question but I'm a bit stumped as to what to do.

 

I've started working with a client doing blog posts and they have sent me an invite to create an account for a site called Last Pass which is a password management site so they can give me access to another site. This kind of brings up red flags as when I look at the account sign up, it says all my encrypted data will be sent to this site. I don't want to have this password manager on my laptop as I already use the Google password manager. I'm concerned that this site will take over my password management or that this client (or site) will be able to access my passwords and personal accounts. 

 

This is only a new client with relatively low paying work compared to other clients and is now requiring extra time and effort and I'm not sure what to do. I just wanted to write the blog posts (I took lower paying because I wanted experience writing on a new topic). 


Lastpass is a highly respected password management service, and it allows clients to give you access to their sites without actually giving you the password to them. The notice you saw about encrypted data is a GOOD thing - it means all communication to and from the site will be encrypted. It will NOT access any data you don't specifically grant access to. The software should not interfere with your Google manager. It's a simple browser plugin, and the free version is quite robust. (You might even find you like it better than Google.)

 

I wouldn't find this an unreasonable request from a client when working on sites that require logins - it's a practical way for them to control your access to their sites. But, if you don't want to continue working with the client, you could always resign and close the contract.

Oh thanks so much for your reply. So when I activate my account, they can't have access to any of my passwords or private stuff right?

 

And I can use it just to access their websites?

 

Just where I have to tick a box that says ALL my encrypted data will be sent to the site makes me nervous as it makes me feel like I don't have any control. 

 

I haven't used anything like this before and so I'm sceptic. 


@Monique L wrote:

Oh thanks so much for your reply. So when I activate my account, they can't have access to any of my passwords or private stuff right?

 

And I can use it just to access their websites?

 

Just where I have to tick a box that says ALL my encrypted data will be sent to the site makes me nervous as it makes me feel like I don't have any control. 

 

I haven't used anything like this before and so I'm sceptic. 


Your account will be your account - the client has no access to anything, and Lastpass has no access to your Google account, or anything else you don't specifically enter. The client will share access with you to their sites through the Lastpass service, and then you use the Lastpass plugin to log in. Read up on all the help files through the Lastpass site to get more detail. 🙂

pandoraharper
Community Guru

Jess is spot on about Last Pass.

 

Nothing wrong with it, and your own data will not be shared (unless you decide to drop Google Password Management and choose Last Pass). I keep the browser extension on hand for clients that want to use it for their remote team members (I always urge my clients to secure all their company passwords with a tool like Last Pass).

 

Example:

This is especially great when you have a need for (potentially) many contractors to do updates to a Wordpress site that belongs to a customer. The client can share the access info via Last Pass, but it's not actually visible to the team member. Awesome all around.

TOP SOLUTION AUTHORS
TOP KUDOED MEMBERS