In today’s rapidly evolving era of remote employees, work from home, distributed workforces, and now global epidemics, companies are being forced to rethink their remote employee and work strategies. Security is an ever-present challenge and a solid, reliable and proven password manager such as Bitwarden is a key aspect of making the entire work-from-home ecosystem work well for organizations and their employees.
Employees, like many others, are faced on a daily basis with the challenge of remembering numerous passwords, maintaining secure information, notes and other data for myriad systems, cloud-based providers and an even larger ecosystem of connected services. While many organizations manage access to quite a few systems using Single Sign-On (SSO), not all PaaS, IaaS and SaaS (cloud application) providers support SSO integration, not to mention SSO integration with whatever platform or technology your organization is using. Oftentimes there are other auxiliary systems that your IT professionals, help-desk, customer support and others need access to, as well as internal applications and many other scenarios requiring additional usernames and passwords. In the end, most security professionals agree that organizations need both SSO-compliant and password-based solutions in place to provide the best possible security and user experience.
The core cause of the password problem is this: for passwords to be secure, they need to be complex and unique for each app or service they access -- and that makes them hard to remember. To avoid having to remember so many usernames and passwords employees will often resort to using the same password for many sites, or perhaps all sites. They may even jot them down on a post-it note and attach that to their monitor. This presents some very obvious security concerns especially with high profile data breaches and phishing attacks on the rise. Even with two-step login (also known as 2FA or MFA) more and more security researchers are finding scenarios where a compromised device or other social engineering tricks undermine additional password security measures.
Password managers such as Bitwarden allow your employees to generate unique and strong passwords and/or usernames for every single site they have access to or register an account for. This ensures there is no password reuse and allows organizations using enterprise grade password managers such as Bitwarden to create password complexity rules and other policies to ensure a certain level of security across their employee’s accounts, even for systems they don’t control.
Shared accounts that require another level of control - such as user accounts for a server, an organization’s SSH keys or encryption key password for an SFTP server, etc. - present another set of password challenges for sharing access information. Some password managers such as Bitwarden provide a means of creating and securely storing organization passwords in collections that enable an administrator to share and update those credentials from time to time without having to blast the organization’s users with updated info through less secure channels. In this way organizations can exercise centralized control over who has access to the information.
Password managers are a key component of securing shared secrets within a team and organization as well as ensuring compliance with password complexity and password best practices across organizations. As employees work from home more and more due to organizational, cultural or global pressures it has become a business critical objective to put a solid strategy in place for managing remote access securely with a password manager like Bitwarden.
Editor's Note: This article was originally written on April 14, 2020 and was updated on September 13th, 2022.