Despite numerous predictions of their demise as a security credential, passwords remain in widespread use within organisations of all sizes.
Indeed, rather than disappearing, the number of passwords continues to grow as people require access to an increasing number of systems to complete their daily tasks.
In response to this trend, it has become common for IT departments to deploy a single sign-on (SSO) infrastructure. SSO allows a staff member to sign in just once and have access to all the applications and sources of data they require.
However, there are often a range of resources not covered by SSO security. They might be cloud-based platforms used to store data, external communications services used to connect with colleagues or clients, or even shadow IT.
As a result, an organisation’s IT team may not have oversight of all the passwords being used by staff. This means team members will be unaware of people who might be using weak passwords, sharing them with others, or storing them insecurely.
This situation can have serious consequences. Misused or stolen passwords can result in hijacked accounts, unauthorised access to systems, and data exfiltration.
Things become even more complex when staff members leave an organisation. If their log-in credentials are not fully deprovisioned, any remaining access can become an attack vector for cybercriminals.
Using consumer-grade password managers
To combat these challenges, some organisations have turned to consumer-grade password managers. These tools provide the ability to store multiple passwords in a secure vault with access requiring knowledge of an overarching ‘master’ password.
Such password managers are popular with users as they remove the need to remember multiple passwords. This reduces the likelihood that the same password will be used to access multiple resources, thereby creating a security weakness.
However, while such tools do address some of the challenges around effective and secure password management, they fall short in a number of key areas. These include:
A lack of enterprise-grade security:
Because they don’t offer the same level of security as enterprise-grade alternatives, consumer-grade password managers are susceptible to hacker attacks, such as man-in-the-middle, stealing session tokens, or installing keylogging malware. The vulnerabilities that exist in these tools can expose sensitive credentials to attackers.
A lack of auditability and reporting capabilities:
If consumer-grade password managers are in use, an organisation will find it has only limited visibility into who accessed which passwords and when.
Password sharing challenges:
It can be common for team members to share passwords needed to access centralised services or resources. However, consumer-grade password managers often lack the features that allow secure sharing and the reporting of shared passwords.
Risks posed by ‘Shadow IT’:
Employees may resort to what is termed ‘shadow IT’ where they make use of applications and tools outside the control of an organisation’s IT department. If consumer-grade password managers are used to store associated passwords, it can create an additional avenue for attackers to gain access.
The benefits of deploying enterprise-grade alternatives
Organisations that instead opt to deploy and maintain enterprise-grade password managers will gain some significant benefits. As well as improved security, overall management of access rights for staff will be streamlined and hardened. Some of the specific benefits enterprise-grade tools can provide include:
Improved user experience through the use of secure personal folders:
Many enterprise-grade password management tools provide each user with their own secure personal folder, thus giving them secure storage for their passwords. This easy storage method removes the need for users to remember individual passwords or engage in unsecure password storage.
Simplified access through a browser extension:
Users can conveniently access their stored passwords and log into enterprise applications directly from web browsers using a web browser extension. The stored passwords are auto filled in the application login process. This enables a fast and secure login process, while preserving a familiar and user-friendly experience.
Comprehensive auditing and reporting capabilities:
The best enterprise password tools will support robust auditing and reporting capabilities. This empowers an organisation with the ability to maintain oversight and compliance of password usage. Comprehensive audit trails also enable organisations to track who accessed which passwords, when, and for what purpose.
Enhanced capability to meet cyber insurance requirements:
As the threat of cyberattacks continues to increase, providers of cyber insurance are increasingly demanding better security controls and oversight. Password management is a critical part of this requirement. By implementing an enterprise-grade password manager, an organisation can reduce the risk associated with password compromise and make itself a more attractive candidate for cyber insurance coverage.
Improved enforcement of strong password usage:
Enterprise password managers also allow an IT team to set requirements for users to have complex passwords and not reuse them in multiple locations. This can increase security and reduce the chance of a breach.
Organisations that opt to deploy enterprise-grade password management solutions enjoy both improved levels of security and increased user satisfaction. The risks of poor password practices are significantly reduced and centralised IT resources are more secure.