Given the number of options on the table, identifying the best password manager for your business can seem like a daunting task. But it doesn’t have to be. A few key factors should allow IT decision makers (ITDMs) to narrow down the list of options and find a password manager that meets their business needs. Before assessing what those are, some background on the enterprise security landscape: according to the 451 Research Enterprise Password Management Survey of ITDMs, 57% of respondents used password management tools and another 15% said they would be adopting password management tools. Almost all (93%) said they were maintaining or increasing their password management budgets. Almost a third (29%) of respondents have had a security incident related to passwords. Of those incidents, 37% significantly or somewhat impacted internal operations. Clearly, there is appetite for the enterprise-wide deployment of password managers.
When asked their top reason for selecting a password management tool, 51% of respondents in the 451 Research Survey cited ‘account fraud’. When asked what makes a ‘good’ password manager, 60% of ITDMs in the Bitwarden 2023 Password Decisions Survey cited security, followed by the availability of two-factor authentication (2FA).
Clearly, security is a priority to ITDMs evaluating the best enterprise password manager. One of the most effective strategies for ensuring robust security is through the use of end-to-end encryption. Bitwarden encrypts sensitive user data as soon as it enters the Bitwarden client. There is no such thing as unencrypted vault data, except when the user is in control, viewing the information in a Bitwarden client where they have entered their email address and master password. From there, all vault data remains encrypted when sent to the Bitwarden Cloud or a self-hosted Bitwarden server. Upon synchronizing the data to other clients, it remains encrypted until the unique email address and master password are re-entered.
In a nutshell, end-to-end encryption through a user’s email and master password ensures that Bitwarden as a company cannot see passwords and can never access a user’s master password.
An additional strategy for strengthening overall enterprise security is to deploy a password manager that has undergone third-party audits. These should include source code assessments and penetration testing across IPs, servers, and web applications.
The ability to access the password management tool anywhere, on any device - also known as cross-platform availability - should be a major consideration when evaluating enterprise password managers. Gone are the days when employees were tethered to one computer in the same physical space; in the era of distributed, hybrid, and remote work, employees are logging in from different devices, in different locations all over the world. With a growing number of access points simultaneously increasing the availability of attack surfaces for cyber criminals, it’s imperative that password managers are able to cover all bases.
As briefly mentioned above, 56% of ITDMs in the Bitwarden 2023 Password Decisions Survey cited 2FA as an important attribute of a ‘good’ password manager. According to the same survey, 92% of respondents use it in the workplace, up from 88% last year. And with good reason. As far as security technologies go, the power of 2FA is indisputable. Websites that use 2FA require users to verify their identity by entering an additional "token" (also called verification code or one-time password (OTP)) besides a username and password, typically retrieved from a different device.
Without physical access to the token from a user’s secondary device, cyber criminals are unable to access the website, even if they discover the user’s username and password.
Common methods for facilitating 2FA include sending tokens through SMS/text messages, requesting a token through an authenticator app, such as Authy or Google Authenticator, or utilizing a physical security key, such as a YubiKey.
The best enterprise password manager should be highly secure, offer cross-platform availability, and allow users to enable 2FA. It should also be relatively easy to use. ITDMs who put all their eggs in the security basket would be remiss if they didn’t consider the importance of selecting a product that mitigates user friction. Employees shouldering heavy workloads and time constraints won’t be pleased if they have to spend time figuring out the mechanics of their enterprise password manager. Common sense dictates they will likely attempt to make an end-run around the product or use something else. According to the Bitwarden 2023 Password Decisions Survey, almost one-third (32%) of IT decision makers and 49% of employees engage in ‘shadow IT’.
To recap, factors that should play a role in the selection of the best enterprise password manager for your business are security, cross-platform availability, 2FA integration, and ease-of-use. Other variables ITDMs should consider are whether a solution offers self-hosting, is built on open source technology, and supports biometric logins. Biometric and passwordless login are becoming increasingly attractive options for enterprise ITDMs. In the Bitwarden 2023 Password Decisions Survey, around half (49%) of respondents said they are deploying or have plans to deploy passwordless technologies. A majority (51%) are relying on the ‘something you are’ (i.e. biometric) forms of authentication. While adoption may be slow - passwords are still ubiquitous - expect biometric technology to increasingly make inroads and become a greater factor for ITDMs assessing the best enterprise password manager for their business.