Could the security team provide guidance on whether utilizing third-party services like 1Password for password management is acceptable?
I've noticed several projects already adopting it, but I couldn't find any documentation clarifying whether third-party services are deemed acceptable or not. In our project scenario, we manage a handful of accounts, most of which require OTP (one-time passwords). Leveraging password managers like 1Password enables us to share OTPs easily. Without a password manager, in some cases, I would have to wait for an individual to log in to fetch the OTP from their Authenticator app or even from a text message to their phone. This could become problematic if the person becomes inactive or goes on vacation. The access to the password manager would only be given to Project Management Committee (PMC) members who requested it. I've created a 1Password Team account but am currently waiting to see what the security team's stance is on using such services before I upload any information.
