Password manager in a corporate environment

Hi

My multinational IT company doesn’t allow any password managers, and the security team told me to memorize my account passwords. At the moment I am using the simplest of passwords on every account, in case hackers want to access my account, because I don’t want to make it harder for them :) I am saving all of my passwords into a plain text file too. They actually wanted me to memorize more than 30 accounts and make them secure somehow.

But, is there a secure password manager app which doesn’t require installation, or at least not installation with admin rights, and if possible doesn’t show up in my org’s security software? On my crappy laptop the company installed Symantec Endpoint, Qualys, Cortex XDR, Xagt, Absolute Software Inventory (AbtSngSvc), EDPA? (might be part of Symantec), KeyAccess. I don’t have admin access either.

What I need is a secure password manager with TOTP support.

In case you want a relatively secure but still simple, easy-to-remember password, just type it twice or thrice; even with a dictionary attack it still increases the complexity by a lot.

Can you use external USB flash drives? Most of the decent password managers have portable versions that can be run off a USB drive. That won’t stop their security software from seeing that you plugged in a USB drive and ran an executable off of it, but it would allow you to access your passwords.

Is there any reason you can’t use the web version of a password manager and just copy/paste the passwords? Since it sounds like they are all work accounts, any keylogging they have isn’t likely to be an issue, since they most likely have administrative access to all of your accounts if they needed it.

Web version or browser extension both don’t need admin access.


Please, please, do not do this in corporate laptops.


Really weird take from your “security” team. Password managers should be offered and managed by your company. Did you raise this with your manager?


Not just with my manager, also even went to Senior Project Management. They are saying they can’t change security policies even though they don’t make any sense.

@Securely0845 , I can’t use USB drive. I can’t even use microSD.

I tried Chrome’s own password manager, but it keeps asking for my Windows password to fill a field instead of my Windows Hello PIN, so it is no longer an option.

Browser extensions are also managed by group policies.

Well, instead of using a txt file, at least use the web version of a free password manager like Bitwarden or Proton Pass.

That’s a bummer, but not surprising considering the level of access control they have in place.

Are you able to use personal phones while at work? You could always run your password manager on that and just type the passwords in; at least you’d have secure accounts.

Or, like @Fibonacci suggested, the web version of most of them should work, unless they are intentionally blocking those web pages.

Yeah, I will try the web versions of BW and 1Pass tomorrow. I am hesitating with Proton because they might say it can be used for file transfer.

You might be able to use KeePass, but I would suggest not installing third-party software that is not approved.

Web-based ones like Bitwarden or Proton Pass would actually be worse, and I would refrain from using those. Your company will not have agreements with those parties, and you are basically doing something that has not been approved.

I myself work as a security officer at a corporation too, and we provide password managers, but we definitely do not take it lightly when someone uses their own solution.


So can Bitwarden. They also offer file sharing.


We have an internal software repository but not a single password management software.

I tried to reason with the security team, gave them NIST pages, tried to explain to them that no one can remember all the passwords and there is no way to store 2FA codes securely, but they didn’t listen.

So odd, but yeah, hard call I would say. If I were in your shoes I would probably ask my manager to approve my use of KeePass; that will keep you a bit guarded. KeePass at least is offline, and you will not deal with any other parties over the internet.

If I remember correctly it has a portable version which doesn’t require installation, right?

Also, can I store TOTP codes in it?

https://keepass.info/download.html

Yes, yes.

Superb, thank you


This sounds like a satire of terrible security teams. It’s like they want people to reuse weak passwords, which is the only way most people could remember 30 of them. The security people I know would be overjoyed if their end users came to them because they wanted to manage long and complex passwords with well established software. Baffling.


I even told them that I can pay for the subscription fee if they are being cheap, but nope.

Not sure why this is the accepted answer; that download page has a lot of third-party links that aren’t really of high quality.

KeePassDX is the option we recommend for local storage on Android devices. I would not recommend installing KeePassXC on a work machine if they’ve forbidden it. All of those have TOTP.

Another solution is to use a password manager anyway on your phone, which is not a device controlled by them.
