The Bitwarden Blog
University of Toronto Press Solves for Efficient Password Sharing with Bitwarden
September 30th, 2021
- Founded: 1901
- Industry: Publishing, Retail
- End Users: 250-300
- Location: Toronto, Ontario
Founded in 1901, University of Toronto Press (UTP) is Canada’s leading academic publisher and one of the largest university presses in North America. Each year, UTP publishes approximately 180 new scholarly, course, and general interest books. UTP has a reputation for excellence that stems from the publication of influential authors and outstanding research.
UTP operations were beleaguered by an often overlooked challenge: passwords. While the team was familiar with password managers, the problem was everyone was using a different one. Shane Rodness, associate network administrator, describes: “The team was using password managers, but since everyone was using the password manager of their choice...there was a mixture of people using different [managers]. We couldn’t share passwords.”
In short, password management was left to the users, and it resulted in a jumbled mixture of solutions: several popular password managers and obscure localized managers were in use, and none were able to talk to each other. “There was no centralized control, no centralized user management, and definitely no way to share passwords in a secure and scalable way,” Rodness said.
Rodness and the rest of the UTP IT department sat down to evaluate the different password management options. In the end, the clear choice that met all their needs was Bitwarden. In particular, the way that Bitwarden handles sharing through collections, which can be thought of as shared folders of passwords that are assigned to specific user groups. Rodness explained: “The biggest challenge we had was securely sharing passwords and secrets - this was something we needed to solve for. Bitwarden collections for secure sharing allowed us to scale password management in an eloquent way - it checked so many boxes.”
Why did UTP choose Bitwarden?
- Open source
- Cross platform/device
- Security audits
- Secure sharing
UTP arranged their passwords into team-focused collections, which can be thought of as a shared folder of passwords in a Bitwarden organization. A Developer collection was assigned to the developer team, one was created for the retail support team, and so on, with a separate collection for privileged administrators. With each collection created, Rodness and team gave the users permission to add new passwords for sharing amongst themselves without IT intervention, “We were able to divide collections into teams and create a structure that really worked for us.”
Between groups and collections, Bitwarden offers an efficient solution for sharing passwords, and a way for UTP to manage passwords at scale. This flexibility enables a variety of solutions such as organizing by team, department, function, or more.
While evaluating Bitwarden, Rodness took a close look at Bitwarden Send, a powerful built-in feature for one-to-one encrypted sharing of text or files.
Rodness explained, “Bitwarden Send solved a problem that we didn’t know we had. Right now we’re using Bitwarden within the IT department, but if we need to communicate a password to an end user [that hasn’t been set up in Bitwarden], that’s where Bitwarden Send comes in and it solved that problem effectively.”
The way Bitwarden Send works is that it encrypts a file or block of text and generates a link of the encrypted information on the Bitwarden Cloud. The user generating the Send can relay the link to the recipient through a trusted channel such as internal Instant Message. Upon clicking the link, the content downloads and decrypts locally. As only the encrypted file is hosted, Bitwarden cannot see the file contents. Other settings available with Bitwarden Send include limiting the number of downloads, assigning an expiration date, adding password protection, and more.
“Bitwarden Send is an outstanding way to send text, passwords, and information securely. I can’t say enough great things.”
The Command Line Interface (CLI) allows technical users quick and easy access to all functions available in other Bitwarden client applications. This enables scripting and automating Bitwarden functions, as Rodness describes: “[Bitwarden] CLI is an integral part of my scripting process for user onboarding and password sharing. The CLI allows me to generate that password and save it in whatever variable I want.
I can then use Bitwarden Send within that CLI to generate a link that is passed along to a manager or employee. All of this can be automated, which makes my life easier. As someone who writes scripts designed for automation, to be able to leverage Bitwarden within the CLI is a phenomenal thing.”
With a unified system for password management, Bitwarden Send, and automation through the Command Line Interface, the IT team has seen an improvement across internal operations. The UTP team estimates that they save 10 hours of IT time per week.
“There are absolutely improvements in productivity, there’s improvements in the workflow. Bitwarden allows me to be more productive and have quicker solutions that are also more secure. I am able to leverage Bitwarden in any of my automations.”
With 120 years of publishing leadership, UTP plans to remain an important part of the greater academic publishing community. As IT complexity and security risks have grown, protecting UTP employees from insecure passwords and data breaches is more important than ever.
“There are multiple layers of security and password management is 100 percent a part of that,'' said Rodness. “Everyone is concerned about internal security - we’re always looking for ways to improve processes. Bitwarden has become a critical piece of our security posture.”
To see more about what Bitwarden is able to do for businesses, visit bitwarden.com today!
Back to Blog