Password Managers: A Guide
In a world where you need an account or an app for everything, most people are tasked with remembering an increasing number of passwords. Password managers are a critical solution to this problem, improving both password security and user convenience.
What is a password manager?
A password manager is a technology that creates and stores passwords for access to accounts. It can be installed on multiple devices so that logins stay synchronized between them. Browser extensions allow users to retrieve, and even autofill, passwords for website logins. When combined with MFA, password managers are a core credential management technology.
A password manager can be deployed centrally by an IT team to ensure a uniform roll-out among users and to allow secure password sharing between users to be set up.
How password managers help
Remembering multiple passwords is increasingly difficult, especially when cybersecurity best practice discourages reusing passwords. Password managers address the problems of duplication, complexity, storage, and accessibility. They eliminate the need for password reuse by generating a unique, strong password for each account. They improve accessibility by letting users retrieve credentials on demand, whether from a local device or synced across platforms via the cloud. Finally, they reduce the time IT teams spend resetting lost passwords to help users regain access to accounts.
How password managers work
When installed on a device or browser, a password manager can generate strong, unique passwords for a user, then encrypt and store the credentials in a secure vault. Users access this vault with a single master password, which should be reinforced with multi-factor authentication (MFA). Password managers can also alert users to reused passwords and potential breaches. Different products offer different feature sets, so research the options available to you.
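To make the mechanics above concrete, the following is an added illustration (not code from this guide or from any password manager product) of the three steps the paragraph describes: generating a unique random password, stretching the master password into a vault key, and checking the vault for reused passwords. It uses only the Python standard library, so the encryption of the stored entries under the derived key (which a real product would do with an authenticated cipher such as AES-GCM) is left out; instead an HMAC "unlock verifier" shows how a wrong master password is rejected without ever storing the password itself. The scrypt cost parameters and the 20-character default length are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets
import string
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Character set for generated passwords (assumption: letters, digits, punctuation).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20) -> str:
    """Generate a password from the OS CSPRNG (secrets), retrying until it
    contains every character class so it passes typical site complexity rules."""
    if length < 4:
        raise ValueError("length must be at least 4 to hold all character classes")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def derive_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password with scrypt so that offline guessing of a
    stolen vault is slow. n/r/p are illustrative values, not a recommendation."""
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=32)


def _verifier(key: bytes) -> bytes:
    # HMAC over a fixed label: lets us check the master password without storing it.
    return hmac.new(key, b"vault-unlock", "sha256").digest()


@dataclass
class Vault:
    salt: bytes                      # random per-vault salt stored alongside the vault
    verifier: bytes                  # HMAC under the derived key, used only to confirm unlock
    entries: Dict[str, str] = field(default_factory=dict)  # site -> password (held in memory only while unlocked)
    _key: Optional[bytes] = None     # derived key; None while the vault is locked

    @classmethod
    def create(cls, master_password: str) -> "Vault":
        salt = os.urandom(16)
        key = derive_key(master_password, salt)
        return cls(salt=salt, verifier=_verifier(key), _key=key)

    def lock(self) -> None:
        self._key = None

    def unlock(self, master_password: str) -> bool:
        """Re-derive the key and compare verifiers in constant time."""
        key = derive_key(master_password, self.salt)
        ok = hmac.compare_digest(_verifier(key), self.verifier)
        self._key = key if ok else None
        return ok

    def add(self, site: str, password: Optional[str] = None) -> str:
        """Store a password for a site, generating one if none is supplied."""
        if self._key is None:
            raise PermissionError("vault is locked")
        password = password or generate_password()
        self.entries[site] = password
        return password

    def reused_passwords(self) -> Dict[str, List[str]]:
        """Return every password that appears under more than one site, so the
        user can be alerted to reuse (mirrors the reuse warning in the text)."""
        if self._key is None:
            raise PermissionError("vault is locked")
        by_password: Dict[str, List[str]] = {}
        for site, pw in sorted(self.entries.items()):
            by_password.setdefault(pw, []).append(site)
        return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


if __name__ == "__main__":
    # Constructed sample session: one reused password across two sites.
    vault = Vault.create("correct horse battery staple")
    vault.add("mail.example", "Winter2024!")
    vault.add("shop.example", "Winter2024!")
    vault.add("bank.example")  # generated, unique
    print("reused:", vault.reused_passwords())
    vault.lock()
    print("wrong master password unlocks vault:", vault.unlock("not the password"))
```

The point of the verifier is that the master password never needs to be stored: the stored salt plus a user-supplied guess either reproduces the stored HMAC or it does not. In a real product the same derived key would encrypt the entries at rest, which is why the master password should be strong and backed by MFA.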
Local vs Cloud password managers
Local storage keeps passwords on the user's device, offering greater control and minimizing exposure to server-side breaches. However, this approach limits accessibility, as syncing across devices requires separate licenses and manual steps. Local storage also demands vigilance against device-level threats such as keyloggers. Cloud storage improves accessibility by syncing password vaults across devices, and it lets users recover their vault even if a device is lost. As with all cloud services, its security depends on the provider's encryption practices and server-side protections.
Personal vs professional
Password managers are a way of ensuring that users keep organization credentials separate from personal passwords. This reduces the risk of organization credentials being compromised when a user suffers a personal account breach or device theft. It also reduces the chance of users reusing personal credentials for professional accounts, which would otherwise give a threat actor who obtains a personal password a route into your organization by trying it against work accounts.
Do password managers replace the need for MFA?
No. Password managers and MFA are both important elements of credential management, but they perform different functions.
Password managers create and store credentials, while MFA reinforces them by adding an extra step to the authentication of users presenting those credentials. Most password managers can detect whether MFA is available on a website and will prompt users to enable it, but they cannot replace the critical need for MFA to be deployed for all users at an organization.
How do I roll out a password manager solution?
It is important to assess the impact of rolling out a password manager at your organization. Consider whether the stringent control of a local solution outweighs its lack of convenience, or whether the accessibility of a cloud-based manager is in line with your organization's risk appetite. Additionally, evaluate how your team will adapt to the workflow changes these tools introduce. Making the use of a password manager a requirement of your AUP or Password Policy is a way to enshrine their use at your organization.
Checklist
Before you roll out a password manager at your organization, consider the following:
- What are the different solutions available on the market and which one has the features needed?
- How much are we willing to spend?
- Do we want to roll this out to all users? If so, what training is required and what permissions do different users need?
- How do we enshrine using a password manager in our policies?
- Is the password manager compatible with our MFA solution?