2024-07-08

As a technology consultant, I find it surprising that many clients have yet to adopt a business-class password manager. I am continually exposed to passwords for their corporate applications and vendor product integrations, held by individuals within the organization rather than in any managed system.

I’ve seen API keys stored in unencrypted files in Google Drive, Dropbox, or Microsoft OneDrive. The worst is when I see .pem, .key, or .pfx files sitting in the same file storage as the API keys. These files grant access to critical parts of the corporate infrastructure and usually carry administrator-level access to business systems.
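As an added example (not code from the original post), a small Python audit script that walks a locally synced copy of a shared drive and flags the files the paragraph above describes: PEM private keys, distinguishing passphrase-protected from plaintext ones, PKCS#12 bundles, and API-key-shaped strings. The file names, sample contents and the two token patterns are constructed for the demo and are assumptions, not findings from any real environment.

```python
import re
from pathlib import Path
# Any PEM private-key header; the lazy group captures the label ("RSA ", "EC ", "ENCRYPTED ", "").
PEM_HEADER = re.compile(r"-----BEGIN ([A-Z ]*?)PRIVATE KEY-----")
# Token shapes worth flagging (assumption: two patterns suffice for a demo; extend per vendor).
API_KEY_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "key_assignment": re.compile(r"(?i)\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{20,}"),
}

def classify_pem(text):
    """Return 'encrypted', 'unencrypted', or None if no PEM private key is present."""
    m = PEM_HEADER.search(text)
    if not m:
        return None
    if m.group(1).strip() == "ENCRYPTED":  # PKCS#8 "BEGIN ENCRYPTED PRIVATE KEY"
        return "encrypted"
    if re.search(r"^Proc-Type: 4,ENCRYPTED", text, re.M):  # legacy OpenSSL passphrase marker
        return "encrypted"
    return "unencrypted"

def scan_text(name, text):
    """Return (name, finding) tuples for one file's contents; unencrypted keys are the urgent ones."""
    findings = []
    pem = classify_pem(text)
    if pem:
        findings.append((name, f"{pem} private key"))
    findings += [(name, f"possible {kind}") for kind, pat in API_KEY_PATTERNS.items() if pat.search(text)]
    return findings

def scan_tree(root):
    """Walk a locally synced share (Drive/Dropbox/OneDrive mirror) and collect findings."""
    findings = []
    for p in (q for q in Path(root).rglob("*") if q.is_file()):
        if p.suffix.lower() in {".pfx", ".p12"}:  # binary PKCS#12: flag on sight, cannot be grepped
            findings.append((str(p), "PKCS#12 bundle: confirm it is passphrase-protected"))
        elif p.suffix.lower() in {".pem", ".key", ".txt", ".json", ".yaml", ".yml"} or p.name.startswith(".env"):
            findings.extend(scan_text(str(p), p.read_text(errors="ignore")))
    return findings

# Constructed sample contents standing in for files found in a shared drive (not real keys).
SAMPLES = {
    "deploy/prod.pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIEconstructed\n-----END RSA PRIVATE KEY-----\n",
    "deploy/backup.key": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\nconstructed\n-----END RSA PRIVATE KEY-----\n",
    "notes/vendors.txt": "billing api_key = sk_constructed_0123456789abcdefghij\n",
    "ci/.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",  # AWS's published example ID
}

if __name__ == "__main__":
    print(*[f"{n}: {f}" for n, t in SAMPLES.items() for _, f in scan_text(n, t)], sep="\n")
```

Point scan_tree at the local sync folder of the share being reviewed; every "unencrypted private key" hit is a credential that belongs in the password manager's secure storage, with the file removed from the share once moved.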

The Risk of Unknown Passwords

All it takes is one phishing breach, and bang, the door is opened for bad actors to take advantage of the system. Phishing attacks account for over 90% of security breaches, according to the Cybersecurity and Infrastructure Security Agency (CISA).

With the rise of cyber-attacks and data breaches, it is more crucial than ever for companies to prioritize strong password management practices. This includes using a business-class password manager, enabling two-factor authentication, implementing strong passwords, and updating passwords regularly.

One of the most significant challenges in password management within organizations is when an employee leaves or changes positions. Retrieving passwords and revoking access for former employees is time-consuming and inefficient without a centralized password manager.

This not only poses a security risk, but also disrupts workflow when new employees join the organization.

Strong password management can protect corporate systems and data as well as employees’ personal information. With many individuals using the same password for multiple accounts, a data breach at work could potentially lead to compromised personal accounts.

By implementing secure password practices within the workplace, companies can also help their employees protect their personal information.

I have compiled an analysis of the top five password managers that excel at managing passwords, API keys/secrets, and PEM files while offering robust access control.

1Password – Business & Enterprise

1Password offers a comprehensive solution that is easy to use across all devices. It supports the management of passwords, API keys, and secure notes (which can store PEM files).

1Password’s standout features include its slick user interface, seamless autofill capabilities, and robust sharing functionalities. It also features a Travel Mode that temporarily removes sensitive data from devices while crossing borders. The product offers security features for software development, such as keeping credentials out of source code, securing the deployment pipeline, and supporting push, pull, and commit operations against code repositories.

This password manager has a strong security record, with no reported data breaches of its systems. It also provides various handy features, like secure file storage and login autofill.

Benefits

Supported Browser Extensions: Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and Safari

Audit security logs

Customizable access control policies

SOC2 Type 2 compliant

GDPR, CCPA compliant

Two-factor authentication – Supports Microsoft Authenticator, Authy, and Okta Verify.

Account recovery

SSO Integration with Azure AD (Microsoft 365) and others – Enterprise only.

Admin controls to manage employees, permissions, and delegate responsibilities

Advanced reporting for compromised employee emails and vulnerable passwords

Free family accounts for all employees – Enterprise Only

24/7 dedicated business support

Available on Mac, iOS, Windows, Android, Chrome OS, and Linux

Pricing

Business = $19.99/mo for up to 10 users

Enterprise = $7.99/user/month (billed annually)

Bitwarden – Business Team and Enterprise

Bitwarden is the only open-source password manager out of this selection. It offers a free version with unlimited password storage and device syncing. It’s highly secure and audited annually by third-party cybersecurity firms.

Bitwarden also provides an Enterprise plan. It supports the safe storage of passwords and notes, which can be used to manage API keys and PEM files. Its Enterprise plan includes features like vault health reports, emergency access, and advanced multifactor authentication options.

Bitwarden uses 256-bit AES encryption and has passed third-party security audits. However, Flashpoint’s March 2023 report found a vulnerability in Bitwarden’s auto-fill feature that could allow malicious iframes on otherwise legitimate sites to capture user credentials.

Bitwarden had been aware of this vulnerability for years, but whether they addressed the root cause remains unclear. For safety reasons, the auto-fill feature is disabled by default.

Benefits

Supported Browser Extensions: Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and Safari

Audit security logs

Customizable access control policies

SOC2 Type 2 compliant

GDPR, CCPA compliant

Basic two-factor authentication with various authenticator applications – Organization authentication with Duo is available for Enterprise licenses.

Account recovery

SSO Integration with Azure AD (Microsoft 365) and others – Enterprise only.

Admin controls to manage employees, permissions, and delegate responsibilities

Advanced reporting for compromised employee emails and vulnerable passwords

Free family accounts for all employees – Enterprise Only.

A self-hosted option is available.

24/7 dedicated business support

Available on Mac, iOS, Windows, Android, Chrome OS, and Linux

Note: For Vivaldi, Brave, and Tor, only the most recent version of the browser extension is supported. The Safari browser extension is packaged with the desktop app and is available for download from the macOS App Store.

Pricing:

Teams = $4.00/user/month (billed annually)

Enterprise = $6.00/user/month (billed annually)

Keeper

Keeper provides a secure password and secret management environment suitable for individual and enterprise use. It offers robust features such as secure file storage, which can be used to manage PEM files, and a user-friendly interface for controlling access to passwords and API keys.

Keeper also includes features like dark web monitoring and strongly emphasizes security with its zero-knowledge architecture. There are no known breaches of their platform.

Benefits:

Supported Browser Extensions: Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and Safari

Audit security logs

Customizable access control policies

BreachWatch scans the dark web for stolen credentials and alerts users if their information is compromised.

Basic two-factor authentication with various authenticator applications.

Account recovery

SSO Integration with Azure AD (Microsoft 365) and others – Enterprise only.

Admin controls to manage employees, permissions, and delegate responsibilities

Advanced reporting for compromised employee emails and vulnerable passwords

24/7 dedicated business support

Available on Mac, iOS, Windows, Android, Chrome OS, and Linux

Pricing:

Business: $3.75/user/month (billed annually)

Enterprise: Need to quote

Dashlane

Dashlane is known for its strong security credentials and ease of use. It supports the storage of passwords and secure notes, which can be used for API keys and PEM files.

Dashlane’s features include a built-in VPN for additional online security and dark web monitoring to alert users to potential data breaches. It also offers robust access control features, making it a good choice for businesses that need to control who can access certain types of sensitive information.

Another feature is the automatic password changer, which rotates passwords on supported websites with one click. It is a great tool when someone leaves the company and you must revoke their access to web applications.

Benefits:

Supported Browser Extensions: Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and Safari

Audit security logs

Customizable access control policies

Built-in Virtual Private Network (VPN)

Automatic Password Changer

Basic two-factor authentication with various authenticator applications.

Account recovery

SSO Integration with Azure AD (Microsoft 365) and others – Enterprise only.

Admin controls to manage employees, permissions, and delegate responsibilities

Advanced reporting for compromised employee emails and vulnerable passwords

24/7 dedicated business support

Available on Mac, iOS, Windows, Android, Chrome OS, and Linux.

Pricing:

Business: $8.00/user/month (billed annually)

Enterprise: Need to quote

ManageEngine Password Manager Pro

This tool suits enterprise environments where managing resource access is crucial. It offers extensive access control features, including role-based access controls and automated workflows for password access, which are essential for securely managing API keys and PEM files. Password Manager Pro allows for detailed audit trails and real-time alerts on password access, providing high security and compliance.

Benefits:

High-end scalability

Comprehensive audit trails

Real-time alerts

Windows Password Manager

Supported Browser Extensions: Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and Safari

Audit security logs

Customizable access control policies

Basic two-factor authentication with various authenticator applications.

Automated Password Changes

Password Policy Governance

Account recovery

SSO Integration with Azure AD (Microsoft 365) and others – Enterprise only.

Admin controls to manage employees, permissions, and delegate responsibilities

Advanced reporting for compromised employee emails and vulnerable passwords

24/7 dedicated business support

Available on Mac, iOS, Windows, Android, Chrome OS, and Linux.

Pricing:

Need to request a quote

Summary

These password managers were selected based on their ability to securely manage not only passwords but also other sensitive information like API keys and PEM files, coupled with their robust access control mechanisms for managing who has access to these resources.

When we conduct technology audits for your company, we investigate and report on various areas. Most importantly, you will understand how your organization manages access to essential operational systems.

In summary, effective password management is crucial for maintaining your organization’s security and efficiency. A centralized password manager streamlines employee access and significantly reduces the risk of data breaches. We discussed how security by design goes a long way toward protecting against unwanted breaches.

WAV Group conducts comprehensive technology audits to evaluate your current systems and recommend top-notch solutions for securing your sensitive information. Contact us today to ensure your company is safeguarded against potential security threats.