As a technology consultant, I find it surprising that many clients have yet to adopt a business-class password manager. I am continually exposed to passwords from their corporate applications and vendor product integrations held by individuals within the organization.
I’ve seen API keys stored in unencrypted files in Google Drive, Dropbox, or Microsoft OneDrive. Worse still is when I see .pem, .key, or .pfx files sitting in the same file storage as the API keys. These files grant access to critical parts of the corporate infrastructure and usually carry administrator-level privileges on business systems.
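As an added example (not code from the original post or from any of the products reviewed below), here is a small Python scanner that walks a synced folder, such as a local Google Drive, Dropbox, or OneDrive mirror, and flags the kind of material described above: private-key files by extension, PEM private-key blocks by their header, and API-key-shaped strings. The detection patterns and the sample files it creates are constructed for illustration; the AWS key in the sample is the placeholder AWS uses in its own documentation, not a live credential.

```python
"""Flag private keys and API-key-shaped strings in a synced file share.

Added example. The detection patterns below are a deliberately small,
assumed set; a real deployment would use a maintained rule list.
"""
import os
import re
import tempfile
from pathlib import Path

# File extensions that almost always hold private key material.
# .pfx/.p12 are PKCS#12 bundles (binary, no PEM header), so they are
# caught by extension alone.
PRIVATE_KEY_EXTENSIONS = {".pem", ".key", ".pfx", ".p12", ".ppk"}

# PEM header for unencrypted and encrypted private keys.
PRIVATE_KEY_HEADER = re.compile(
    rb"-----BEGIN (?:RSA |EC |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"
)

# API-key shapes (assumed subset): AWS access key IDs, GitHub tokens, and a
# generic "key = value" form with a long opaque value.
API_KEY_PATTERNS = {
    "aws_access_key_id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(rb"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "generic_api_key": re.compile(
        rb"(?i)\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{20,}"
    ),
}

MAX_BYTES = 1_000_000  # only inspect the head of very large files


def scan_file(path):
    """Return a list of (path, finding_type) for one file."""
    findings = []
    p = Path(path)
    if p.suffix.lower() in PRIVATE_KEY_EXTENSIONS:
        findings.append((str(p), "private_key_file_extension"))
    try:
        data = p.read_bytes()[:MAX_BYTES]
    except OSError:
        return findings  # unreadable file: report what the name told us
    if PRIVATE_KEY_HEADER.search(data):
        findings.append((str(p), "pem_private_key_block"))
    for name, pattern in API_KEY_PATTERNS.items():
        if pattern.search(data):
            findings.append((str(p), name))
    return findings


def scan_tree(root):
    """Walk a directory tree and collect findings from every regular file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            findings.extend(scan_file(os.path.join(dirpath, name)))
    return findings


def report(root):
    """Group finding types by file path relative to root (POSIX separators)."""
    grouped = {}
    for path, kind in scan_tree(root):
        rel = Path(path).relative_to(root).as_posix()
        grouped.setdefault(rel, set()).add(kind)
    return grouped


def build_sample_tree():
    """Create constructed sample files in a temporary directory.

    None of this is real credential material: the AWS key is the
    placeholder AWS uses in its documentation, and the GitHub token and
    PEM body are filler.
    """
    root = tempfile.mkdtemp(prefix="shared-drive-")
    samples = {
        "deploy.pem": (
            b"-----BEGIN RSA PRIVATE KEY-----\n"
            b"MIIEowIBAAKCAQEAconstructedfiller\n"
            b"-----END RSA PRIVATE KEY-----\n"
        ),
        "config.txt": b"api_key = AKIAIOSFODNN7EXAMPLE\n",
        "notes.txt": b"token: ghp_" + b"a" * 36 + b"\n",
        "sub/cert.pfx": b"\x30\x82\x10\x00" + b"\x00" * 32,  # PKCS#12 stub
        "README.txt": b"Quarterly sales deck, nothing secret here.\n",
    }
    for rel, content in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for rel, kinds in sorted(report(sample_root).items()):
        print(f"{rel}: {', '.join(sorted(kinds))}")
```

Run it against the root of a synced share instead of the constructed tree to get a first inventory of what needs to move into a vault. Note that a PKCS#12 file is flagged only by its extension: the content is binary DER, so renaming it to .bak would evade this scanner, which is why an inventory like this complements, rather than replaces, a policy of never putting key material on a file share.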
The Risk of Unknown Passwords
All it takes is one successful phishing attack, and the door is open for bad actors to take advantage of the system. Phishing accounts for over 90% of security breaches, according to the Cybersecurity and Infrastructure Security Agency (CISA).
With the rise of cyber-attacks and data breaches, it is more crucial than ever for companies to prioritize strong password management. This means using a business-class password manager, enabling two-factor authentication, enforcing strong, unique passwords, and rotating passwords when someone leaves or a compromise is suspected.
One of the most significant challenges in password management within organizations arises when an employee leaves or changes positions. Without a centralized password manager, finding every credential the person held and revoking their access is time-consuming and error-prone, and any shared secret the person could read still has to be rotated, not merely hidden from them.
This not only poses a security risk but also disrupts workflow when new employees join the organization and need the same access provisioned.
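To make the offboarding point concrete, here is an added Python model (not code from the original post or from any product reviewed below) of a centralized secret store with per-vault membership and an audit log of who has revealed which secret. Offboarding a user does two distinct things: it revokes their membership so future reads fail, and it returns the list of secrets the person has already seen, which must be rotated because revocation alone does not make a known value unknown. All names, vaults, and secret values are constructed sample data.

```python
"""Model what offboarding looks like with a centralized secret store.

Added example, not code from the original post or any product. It keeps
per-vault membership and a log of who has revealed which secret, so that
offboarding can both revoke access and list the secrets that must be
rotated because the departing person has already seen them.
"""
from dataclasses import dataclass, field


@dataclass
class Vault:
    name: str
    members: set
    secrets: dict = field(default_factory=dict)  # secret name -> value


class SecretStore:
    def __init__(self):
        self.vaults = {}
        self.reveal_log = []  # (user, vault, secret), append-only audit trail

    def create_vault(self, name, members, secrets):
        self.vaults[name] = Vault(name, set(members), dict(secrets))

    def reveal(self, user, vault_name, secret_name):
        """Return a secret value if the user is a vault member; log the read."""
        vault = self.vaults[vault_name]
        if user not in vault.members:
            raise PermissionError(f"{user} is not a member of vault {vault_name}")
        self.reveal_log.append((user, vault_name, secret_name))
        return vault.secrets[secret_name]

    def rotate(self, vault_name, secret_name, new_value):
        """Replace a secret and forget reveals of the old value, which is now dead."""
        self.vaults[vault_name].secrets[secret_name] = new_value
        self.reveal_log = [
            entry for entry in self.reveal_log
            if not (entry[1] == vault_name and entry[2] == secret_name)
        ]

    def offboard(self, user):
        """Remove the user from every vault.

        Returns (vaults the user was removed from, secrets the user had
        revealed). Revocation stops future reads; the returned secrets still
        need rotation because the user already knows their current values.
        """
        removed_from = []
        for vault in self.vaults.values():
            if user in vault.members:
                vault.members.discard(user)
                removed_from.append(vault.name)
        to_rotate = sorted(
            {(v, s) for (u, v, s) in self.reveal_log if u == user}
        )
        return removed_from, to_rotate


def build_demo_store():
    """Construct a store with two vaults and some reveals (sample data only)."""
    store = SecretStore()
    store.create_vault("prod-api", {"alice", "bob"},
                       {"stripe_api_key": "constructed-stripe-key",
                        "db_password": "constructed-db-pw"})
    store.create_vault("marketing", {"carol"},
                       {"mailchimp_key": "constructed-mc-key"})
    store.reveal("alice", "prod-api", "stripe_api_key")
    store.reveal("bob", "prod-api", "db_password")
    return store


if __name__ == "__main__":
    s = build_demo_store()
    removed, needs_rotation = s.offboard("alice")
    print("removed from:", removed)
    print("rotate:", needs_rotation)
    for vault_name, secret_name in needs_rotation:
        s.rotate(vault_name, secret_name, "rotated-" + secret_name)
```

The reveal log is what makes the rotation list possible at all; a spreadsheet or a shared drive has no record of who opened which file, so every secret the departing person might have seen has to be treated as exposed.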
Strong password management can protect corporate systems and data as well as employees’ personal information. With many individuals using the same password for multiple accounts, a data breach at work could potentially lead to compromised personal accounts.
By implementing secure password practices within the workplace, companies can also help their employees protect their personal information.
I have compiled an analysis of the top five password managers that excel at managing passwords, API keys/secrets, and PEM files while offering robust access control.
1Password – Business & Enterprise
1Password offers a comprehensive solution that is easy to use across all devices. It supports the management of passwords, API keys, and secure notes (which can store PEM files).
1Password’s standout features include its slick user interface, seamless autofill capabilities, and robust sharing functionality. It also offers a Travel Mode that temporarily removes sensitive data from devices while crossing borders. For software development it provides features such as keeping credentials out of source code, securing the deployment pipeline, and an SSH agent that authenticates pushes and pulls to code repositories and signs commits.
This password manager has no publicly reported breach of its systems. It also provides handy features such as secure file storage and login autofill.
Benefits
- Supported Browser Extensions: Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and Safari
- Audit security logs
- Customizable access control policies
- SOC2 Type 2 compliant
- GDPR, CCPA compliant
- Two-factor authentication – Supports Microsoft Authenticator, Authy, and Okta Verify.
- Account recovery
- SSO Integration with Azure AD (Microsoft 365) and others – Enterprise only.
- Admin controls to manage employees, permissions, and delegate responsibilities
- Advanced reporting for compromised employee emails and vulnerable passwords
- Free family accounts for all employees – Enterprise Only
- 24/7 dedicated business support
- Available on Mac, iOS, Windows, Android, Chrome OS, and Linux
Pricing
Business = $19.99/mo for up to 10 users
Enterprise = $7.99/user/month (billed annually)
Bitwarden – Business Team and Enterprise
Bitwarden is the only open-source password manager out of this selection. It offers a free version with unlimited password storage and device syncing. It’s highly secure and audited annually by third-party cybersecurity firms.
Bitwarden also provides an Enterprise plan. It supports the safe storage of passwords and notes, which can be used to manage API keys and PEM files. Its Enterprise plan includes features like vault health reports, emergency access, and advanced multifactor authentication options.
Bitwarden encrypts vaults with 256-bit AES and has passed third-party security audits. However, Flashpoint’s March 2023 report described a weakness in the auto-fill feature: the extension will fill credentials into iframes embedded in a page whose domain matches a saved login, so a malicious iframe injected into a legitimate site could capture them.
Bitwarden had been aware of this iframe behaviour for years, but whether the root cause has been addressed remains unclear. For safety reasons, auto-fill on page load is disabled by default, so a user must trigger auto-fill manually.
Benefits
- Supported Browser Extensions: Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and Safari
- Audit security logs
- Customizable access control policies
- SOC2 Type 2 compliant
- GDPR, CCPA compliant
- Basic two-factor authentication with various authenticator applications – organization-wide authentication with Duo is available for Enterprise licenses.
- Account recovery
- SSO Integration with Azure AD (Microsoft 365) and others – Enterprise only.
- Admin controls to manage employees, permissions, and delegate responsibilities
- Advanced reporting for compromised employee emails and vulnerable passwords
- Free family accounts for all employees – Enterprise Only.
- A self-hosted option is available.
- 24/7 dedicated business support
- Available on Mac, iOS, Windows, Android, Chrome OS, and Linux
Note: For Vivaldi, Brave, and Tor, only the most recent version of the browser extension is supported. The Safari browser extension is packaged with the desktop app and is available for download from the macOS App Store.
Pricing:
Teams = $4.00/user/month (billed annually)
Enterprise = $6.00/user/month (billed annually)
Keeper
Keeper provides a secure password and secret management environment suitable for individual and enterprise use. It offers robust features such as secure file storage, which can be used to manage PEM files, and a user-friendly interface for controlling access to passwords and API keys.
Keeper also includes features like dark web monitoring and strongly emphasizes security with its zero-knowledge architecture. There are no known breaches of their platform.
Benefits:
- Supported Browser Extensions: Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and Safari
- Audit security logs
- Customizable access control policies
- BreachWatch scans the dark web for stolen credentials and alerts users if their information is compromised.
- Basic two-factor authentication with various authenticator applications.
- Account recovery
- SSO Integration with Azure AD (Microsoft 365) and others – Enterprise only.
- Admin controls to manage employees, permissions, and delegate responsibilities
- Advanced reporting for compromised employee emails and vulnerable passwords
- 24/7 dedicated business support
- Available on Mac, iOS, Windows, Android, Chrome OS, and Linux
Pricing:
Business: $3.75/user/month (billed annually)
Enterprise: Need to quote
Dashlane
Dashlane is known for its strong security credentials and ease of use. It supports the storage of passwords and secure notes, which can be used for API keys and PEM files.
Dashlane’s features include a built-in VPN for additional online security and dark web monitoring to alert users to potential data breaches. It also offers robust access control features, making it a good choice for businesses looking to manage those with access to certain types of sensitive information.
Another feature is the automatic password changer, which rotates passwords on supported websites with one click. It is particularly useful when someone leaves the company, since any website credentials that person could access should be changed rather than simply unshared.
Benefits:
- Supported Browser Extensions: Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and Safari
- Audit security logs
- Customizable access control policies
- Built-in Virtual Private Network (VPN)
- Automatic Password Changer
- Basic two-factor authentication with various authenticator applications.
- Account recovery
- SSO Integration with Azure AD (Microsoft 365) and others – Enterprise only.
- Admin controls to manage employees, permissions, and delegate responsibilities
- Advanced reporting for compromised employee emails and vulnerable passwords
- 24/7 dedicated business support
- Available on Mac, iOS, Windows, Android, Chrome OS, and Linux.
Pricing:
Business: $8.00/user/month (billed annually)
Enterprise: Need to quote
ManageEngine Password Manager Pro
This tool suits enterprise environments where managing resource access is crucial. It offers extensive access control features, including role-based access controls and automated workflows for password access, which are essential for securely managing API keys and PEM files. Password Manager Pro allows for detailed audit trails and real-time alerts on password access, providing high security and compliance.
Benefits:
- High-end scalability
- Comprehensive audit trails
- Real-time alerts
- Windows Password Manager
- Supported Browser Extensions: Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and Safari
- Audit security logs
- Customizable access control policies
- Basic two-factor authentication with various authenticator applications.
- Automated Password Changes
- Password Policy Governance
- Account recovery
- SSO Integration with Azure AD (Microsoft 365) and others – Enterprise only.
- Admin controls to manage employees, permissions, and delegate responsibilities
- Advanced reporting for compromised employee emails and vulnerable passwords
- 24/7 dedicated business support
- Available on Mac, iOS, Windows, Android, Chrome OS, and Linux.
Pricing:
Need to request a quote
Summary
These password managers are selected based on their ability to securely manage not only passwords but also other sensitive information like API keys and PEM files, coupled with their robust access control mechanisms to manage who has access to these resources.
When we conduct technology audits for your company, we investigate and report on various areas. Most importantly, you will understand how your organization manages access to essential operational systems.
In summary, effective password management is crucial for maintaining your organization’s security and efficiency. A centralized password manager streamlines employee access and significantly reduces the risk of data breaches, and designing access around it, with audit logs, access controls, and rotation when people leave, goes a long way toward preventing unwanted breaches.
WAV Group conducts comprehensive technology audits to evaluate your current systems and recommend top-notch solutions for securing your sensitive information. Contact us today to ensure your company is safeguarded against potential security threats.
Tell your MLS you want a Passkey based SSO solution!