Powerful Password Manager Advantages and Disadvantages to Watch Out For
A password manager is a digital tool that securely stores and manages login (username, password, and more) credentials and other details. Password manager advantages are expansive! First, let’s cover some features a password manager may include:
- store passwords for various websites
- detect websites in a browser and automatically fill in saved passwords in form fields
- capture and save passwords entered in to new websites
- auto-fill passwords so users don’t have to remember them
- random secure password generator
- password strength and/or complexity reports
- multi-factor authentication (MFA)
- credential backups
- password encryption / obfuscation
- single sign on (SSO)
- role-based permissions for elevated authorization levels
- password management such as password synchronization
- password change scheduler
- username and password import / export capability
- securely share passwords with authorized users
Password managers come in multiple forms including web-based, desktop-based, or token-based. These password management mechanisms have different advantages and disadvantages with regards to convenience and security. For many IT managers, choosing the right password manager depends on knowing the risk factors and features offered by each.
Web-Based Password Manager
The advantages of web-based password managers over others are primarily portability (they can generally be used on any computer with Internet connection) and a reduced risk of losing passwords through theft from or damage to a single PC. This same risk persists for the server that is used to store the passwords on. Additionally most commercial web-based password solutions offer integration with multiple browsers – Chrome, Firefox, Opera, Edge, and others. This enhances the usability of the same web-based password manager tool according to the user’s preferences.
The major risk consideration of online password managers are the security mechanisms in place for the hosting site. With a rapid increase in the use of web-based password management tools, companies offering these solutions are routinely targets of cyber attacks themselves. Another risk factor is the master password set up for each employed user to log in to the password manager itself. A simple master password would increase the risk for the user since now all their passwords could be exposed if the master password is compromised. This is all the your eggs in one basket. Some web-based password managers also offer multi-factor authentication in addition to the master password to increase the security of the stored passwords for a user. Organizations utilizing web-based password managers should enforce multi-factor authentication in place of a master password for all users.
Desktop-Based Password Manager
With password managers implemented as desktop applications, the risk of losing passwords on account of the solution providers’ servers being compromised is eliminated. The storage of passwords is now on the individual’s computers instead of a common server, thereby reducing the threat footprint significantly. Additionally, the password managers can be used even when the computer is not connected to the Internet. This is a big advantage for professionals in certain industries where Internet connection is not always available.
A downside to using desktop-based password managers is that the passwords may not share across computers. Furthermore, the desktop password management software has to be installed on each computer (more setup required for IT). Passwords may not be available when you try to log in from a new computer or location for the first time. But once set up, these password managers can be very effective for logging in with reduced effort.
Token-Based Password Manager
Physical tokens like USB keys, key fobs, smart cards, and phone apps can also be used as password managers. Passwords are encrypted and stored on physical electronic devices instead of on a computer or a server. This means enhanced security. Some solutions utilize hardware but without putting passwords on any new devices. This greatly increases the cybersecurity posture of the workplace. Many password managers also use strong encryption. This is to protect from unauthorized reading of data/exposure. This method may still require software installation on each workstation.
One of the leading risks with a token-based password management system is that the password is on the token device itself. Tokens that store the password are at additional risks for credential theft such as man-in-the-middle attacks, spoofing attacks, and million message attacks.
OTP and MFA (multifactor authentication) through a physical token. The other factors could be something you know (password/passphrase/PIN), something you are (biometric fingerprint, facial/voice recognition, retinal/vein/hand scan), and/or something you do (walking signature, signing signature).
Hybrid Password Manager Advantage
Hybrid password managers are a combination of web, desktop, and token-based password managers utilizing the benefits of each to meet the various needs of IT managers and their users. Offerings can include a password manager that utilizes a token as a factor but stores the secure password on the computer itself. This means no risk of over-the-air spoofing. This means a malicious actor would have to have a password AND a physical token to even have hope of gaining access. Depending on the password manager solution, some will reduce the attack vector down to just right in front of the PC in question! This means hackers from around the world will have a difficult time breaking in unless they’re in front of the actual PC. An IT admin can easily deploy this software to PCs from a central admin console via group policy.
Combining the various types of password managers into a unified solution allows the IT admin to reduce the risks associated with each type while taking advantage of the inherent security enhancements of each. For example, using a token to authenticate the user onto a password manager allows the end user to not be dependent on a master password. But, the token itself holds no passwords. This makes the system far more secure. Some password managers let users access passwords offline. At the same time, users can access passwords on every computer the user logs into by synchronizing them through the common password server. This makes for a very dynamic a hybrid solution password manager solution for IT admins to utilize.
Summary
Some password vaults work across multiple platforms. Some solutions are best-fit for a particular platform. This will all depend on each IT admin’s particular needs. To recap, password managers generally offer the following advantages for an organization.
- Reducing helpdesk calls for forgotten passwords
- Fewer PC lockouts = less downtime
- Fewer passwords to memorize and manage
- Relieving password fatigue / stress (“password chaos”)
- Credentials are more easily manageable
- Password propagation and administration becomes instant and seamless
- Lowers the overall risks of credential exposure
- Less time spent on non-core tasks
- Compounds the effects of cybersecurity training and policies
Each has the same main purpose but with unique elements. Choosing the right password manager for the organization’s requires consideration of new threats, security posture, risk factors, compliance, and more. When used properly, password managers are a great tool for building and maintaining a secure digital posture. Less risk, less stress, and increased security. Every IT admin should be utilizing a password manager for their employees.
About GateKeeper Proximity
Automating security culture across the world, the GateKeeper password manager enhances compliance and cybersecurity through mass automated authentication. Through efficient wireless authentication, GateKeeper protects networks from internal breaches and confidential data exposure with patented, award-winning technology. The solution includes two-factor authentication, centralized password management, and comprehensive auditing. Reduce support time and costs while enhancing security and compliance. Passwordless proximity passwords. Get the best of password manager advantages with the GateKeeper password manager for enterprise. For more information, please visit gkaccess.com or email info@gkaccess.com.
See GateKeeper Enterprise advanced MFA in action.
Take a self-guided tour of how you can evolve from passwords. Then you're really saving time with automation.