InMotion Hosting embraces Bitwarden as part of security-focused culture

InMotion Hosting is a Virginia-based web hosting service geared toward businesses. The company had, per InMotion Hosting SysOps Senior Platform Security Engineer Noah Ablaseau, required password management use for some time internally. Previously, InMotion had relied on KeePass for its password management. Over time, road bumps arose that led the company to make a change.

“Over the years we identified a number of issues with this kind of personal password management, such as with KeePass back-ups leaving the organization,” states Ablaseau. “It was a bit too technical for our non-technical users and we found that users will often substitute security for convenience when left to their own devices. Speaking to [the need for] unique passwords for every single credential - when you’re not presented with an option to make that easy, it’s really easy to just be lazy.”

Instead of throwing in the password management towel, InMotion opted to look for a new solution to implement throughout the organization. In researching options, InMotion identified certain criteria. Specifically, it desired:

• Centralized management and storage 

• Administrative oversight

• Password usage tracking via event logs 

• The ability to enforce strict requirements for master password creation

InMotion found all that in Bitwarden which, as Ablaseau describes, subtly delivers security to users in that they are presented with convenience while remaining ultra-secure. Bitwarden makes the secure path the easier path, and so boosts user adoption. 

In seeking to encourage end-user adoption of Bitwarden, InMotion recognized the reality that users are the weakest link in organizational security. Says Ablaseau, “The question is how you approach that issue. In my opinion, understanding users and their needs is one of the most important parts to getting started. It doesn’t work to just throw a security option at your staff and hope they accept it.” To further along acceptance, companies should gather feedback, shadow users, and generally remain open-minded to the needs of their particular team.

InMotion is committed to promoting a security-focused culture, which Ablaseau believes can be best cultivated by keeping dialogue open and fostering a climate that allows users to come forward and admit when they made a mistake, such as clicking on a dubious-looking link. Fortunately, use of a comprehensive password management tool - in this case, Bitwarden - helps mitigate the impact of mistakes.