In keeping with the theme of the last post, we’ll continue to discuss authentication, but this time we will focus on password management. Much like MFA, password managers have become nearly a necessity in today’s world. While the general idea of a password manager is a location to store credentials for your systems and websites, they have become so much more than a secure credential repository. Some of the features include, but are not limited to, the following:
- Mobile device support
- Complex password generation
- Password autofill
- On-premises or cloud hosted
- LDAP integration
This blog post will focus on some of the features that come along with password management solutions but will not focus on comparing vendors.
Why the Need?
Passwords are still a necessity for much of the IT world for now (spoiler alert for next blog topic). Because of this, and because of the importance of authentication as it pertains to security, organizations and consumers need to make sure that they follow best practices when it comes to safeguarding passwords.
Some users take the easy way out and just try to use one or two passwords across everything they access. This can cause issues if an attacker gets a hold of the password because they’ll be able to access all systems for that user instead of just one. While there are a number of other bad practices that users engage in for password hygiene, the additional features that some password managers bring to the table are the icing on the cake, and some organizations will benefit greatly from them.
Features Galore
All password managers store passwords, since that’s their fundamental purpose, but outside of that, different solutions will expand with a variety of additional features that could benefit your organization depending upon your security policy. Here are a few examples of useful features that are included with some password managers:

| Feature | Description |
| --- | --- |
| Behavior Analytics | Provides reporting and analyzes access to credentials during odd hours or from odd locations |
| Password Auditing | Provides a report on any weak or reused passwords |
| IP Address Restrictions | Allows organizations to limit access to only specific IP addresses |
| Access Requests | Allows users to request access to a password that they normally can’t access. This request can then be approved and can be set to expire after a specified time. One use case is allowing a user access to a password during a maintenance window |
| Password Hiding/Injection | Allows for passwords to be hidden from the user and to be directly injected into the system. This will prevent the possibility of a user being able to remove the password from the password manager |
| Dark Web Scanner | Scans the dark web to see if user credentials have been found in a breach |

Recommendations
As with most security solutions, choosing the “right” password manager for your organization (or yourself for personal use) depends on several factors. If you’re just looking for a credential repository, virtually any solution is in play. If you’re wanting a solution that incorporates some of the more advanced features like behavior analytics or advanced scripting for automation, that will narrow the scope of solutions down quite a bit.
At a bare minimum, we recommend finding a solution that has the following:
- A high level of encryption (most of the top products have AES-256)
- Requires multi-factor authentication for access to the system. This will provide additional security when entering your master password in order to log in to the system.
- Has a built-in password generator
- Produces audit reports to bring attention to problematic credentials.
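
The password-auditing feature and the audit-report recommendation above, as an added Python example that is not from the original post or from any vendor's product: it flags reused and weak entries in a constructed vault export without putting plaintext passwords in the report. The vault contents, the 14-character minimum and the three-character-class rule are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample vault export: (entry name, password). Not real credentials.
SAMPLE_VAULT = [
    ("mail", "Summer2023!"),
    ("vpn", "Summer2023!"),
    ("payroll", "k7#Vq9!mZp2$Lw8xRt4&"),
    ("wiki", "password"),
    ("crm", "Tr0ub4dor&3xyz"),
]
MIN_LENGTH = 14  # assumed policy threshold; adjust to your own policy


def weaknesses(password):
    """Return the policy reasons a password is weak (empty list if none)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    classes = sum(any(test(c) for c in password) for test in
                  (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()))
    if classes < 3:
        reasons.append("fewer than 3 character classes")
    return reasons


def audit(vault):
    """Report reused and weak entries without keeping plaintext in the report."""
    key = secrets.token_bytes(32)  # per-run key: fingerprints are useless afterwards
    groups = defaultdict(list)
    weak = {}
    for name, password in vault:
        # Keyed fingerprint lets us group identical passwords without storing them.
        tag = hmac.new(key, password.encode(), hashlib.sha256).digest()
        groups[tag].append(name)
        found = weaknesses(password)
        if found:
            weak[name] = found
    reused = sorted(sorted(names) for names in groups.values() if len(names) > 1)
    return {"reused": reused, "weak": weak}


if __name__ == "__main__":
    report = audit(SAMPLE_VAULT)
    print("reused across:", report["reused"])
    print("weak:", report["weak"])
```

The report contains only entry names and reasons, so it can be shared with an administrator without exposing the credentials themselves.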
VENYU is Here
As always, if you have additional questions or would like someone to discuss password manager solutions in more depth with you, please open a support case using the customer portal (https://portal.myvenyu.com).