The Bitwarden Blog
Choosing the Right Password Manager for Your Business
June 7, 2021
Creating a complete online security tech stack for workplaces includes adding password management for employees. Why? Because hacked company accounts often stem from weak and compromised passwords. And as more employees work remotely, password management best practices become even more critical. A password manager can help, but with so many options available, how do you choose the right one? Start by identifying your requirements and assessing password manager capabilities that best meet your business needs.
Every business has a unique security profile and can strengthen different areas at risk of credential stealing. Malicious actors exploit common methods to steal log-in credentials, including:
- Phishing emails
- Insider threats (both inadvertent and intended)
- Shadow IT environments or the use of unsanctioned services
Know which areas to strengthen your security profile by looking at common password behaviors in the workplace.
Convenience usually wins out when it comes to password sharing and storage. A surprisingly high percentage of IT decision-makers share passwords through email (nearly 40% - according to a 2020 Bitwarden Passwords Decisions Survey). Without a formal password sharing policy, ad-hoc password storage methods can be a cause for concern. 77% of respondents said they maintain passwords on their PCs in documents and spreadsheets, while others kept them on paper or claimed to memorize them – implying they lack complexity and uniqueness.
Duplicate passwords also serve as another common password security theme. Password re-use across different accounts remains an overall concern for corporate security. For example, suppose an employee uses the same password for the corporate network and a social media account. If a hack occurs on the same account in a brute force attack, the corporate network could be vulnerable.
When assessing risks and identifying business password requirements, most organizations need to consider the following key areas:
- Identifying exposed, reused, weak, or potentially compromised passwords
- Setting policies to protect employees from using weak passwords
- Ensuring all passwords are stored securely
- Educating employees about password management best practices
- Delivering a secure data sharing framework for employees
- Enabling remote employees to share passwords securely
- Mitigating the likelihood of successful phishing attacks
- Increasing employee accountability for security best practices
Looking at the minimum requirements above, most password managers have random password generators that can create very strong password combinations. But not all systems allow businesses to apply policies stipulating new passwords must be at least a certain number of characters in length and be configured to include a combination of upper and lower case letters, numbers, and special characters. A policy option helps protect employees from using weak passwords.
Policies can also assist with password management best practices and encourage employees to avoid less secure shortcuts. Audit logs monitor who creates, changes, and/or shares passwords to increase employee accountability for security. Aiming to minimize the likelihood of successful phishing attacks, the password manager should retain official site URLs, thereby providing a secondary signal to keep away from imposter sites.
A permission-based structure helps employees securely share passwords. While end-to-end encryption should be the default standard for any password manager, those combining encryption, policies, and permission-based structures will store passwords more securely than those that do not employ these methods.
To identify exposed, reused, weak, or potentially compromised passwords, the password manager should report on password usage and potential vulnerabilities.
We see the choice boiling down to these five key questions:
- Does it operate cross-platform no matter where employees are located?
- Does it support enterprise-grade security and compliance standards, including complete end-to-end encryption with zero knowledge of your vault data?
- Does it support seamless integrations with existing systems such as SSO authentication or directory services?
- Does it offer source code transparency for heightened visibility to infrastructure and security methods?
- Does it support a self-host deployment option?
If you answered yes to some or all of those questions, then we recommend you test out the Bitwarden Enterprise plan for your business. Or learn how other organizations, such as Intesys, are taking advantage of the secure and flexible features available in the Bitwarden platform today.
“Bitwarden is a solution to the enterprise-class headache. No more uncertainty and process approximation around password management. No more unsecured sharing. It has all the functionality you expect from an open source platform.”
Alberto Gaiga, CEO, Intesys
The best way to pick the right password manager is to try it out yourself. Get started with a free 7-day trial of our Enterprise plan, or check out our other options built for you or your business. Start Using the Bitwarden Password Manager Today!
Back to Blog