Endpoint

9/28/2015
06:00 PM
Sara Peters
Sara Peters
Slideshows
Connect Directly
Twitter
RSS
E-Mail

10 Password Managers For Business Use

Beyond helping end users keep track of their logins, some password managers can integrate with Active Directory and generate compliance reports.
3 of 11

Keeper Security

Keeper Security's selling points are its mobile-first strategy, wide range of platforms it operates upon, and secure digital vault in which any files (not just credentials) can be stored.   

The company has been around since 2008 when its founders sketched out an idea for the iPhone app during a flight to China, and has had a mobile-first strategy ever since, says Keeper CEO and co-founder Darren Guccione. It's since been chosen by Orange to be pre-loaded onto their Orange 70 Dive smartphone and by AT&T to be pre-loaded onto all the Android and Windows phones it sells in the U.S. This week, expanding the relationship with mobile operators and resellers, Keeper is announcing its new Channel Partner program, as well as its Enterprise 2.0 product. 

Keeper is not only a password manager, but also a secure vault, which stores and encrypts -- and allows sharing of -- any kind of files, not just credentials. When operating within Keeper, new files that are created are encrypted and stored within it. Darren Guccione, CEO and co-founder of Keeper Security, proposes the example of a surgeon who needs to keep records during surgery -- the photos she takes with her phone while in the vault won't appear in the phone's Camera Roll. As Guccione puts it, 'What happens in the vault, stays in the vault.'

However, the secure file storage is an additional cost.

 
Pricing: $750 per year plus $48 per user per year. Secure file storage is another $18 per user per year. Keeper Enterprise is sold through VAR, Carrier, MSP, and OEM channels. Keeper provides volume-based discounts for enterprise customers based on number of users, in addition to Enterprise License Agreements (ELA's).

Interoperability: Keeper works with Android, iOS, Blackberry, Windows Phone, iPad, Surface, Kindle, Mac, Windows, and Linux, plus has browser extensions for IE, Chrome, Firefox, Safari, and Opera. Also integrates with a variety of Enterprise Mobile Management software platforms.

Sharing and management: Has  central admin console where you can provision and de-provision employees, and integrates with Active Directory. Ownership of keys is transferrable, and they can be set to self-destruct.

Compliance and regulations: HITECH- and HIPAA-compliant. Certified with SOC-2, TRUSTe, McAfee Secure, US-EU Safe Harbor, PCI-DSS, and the U.S. Department of Commerce's Bureau of Industry and Security.

Multi-factor: Integrates with biometrics on iOS and other options

Keys: Local-only encryption/decryption. Vault resides in an Amazon AWS instance, but Keeper can also set up an on-premise system. Uses 256-AES encryption, perfect-forward secrecy. Each file is encrypted with a separate key on each device on which it resides.

Other features: FastFill of forms, password generator.

Beyond passwords: Secure data vault

Keeper Security

Keeper Security's selling points are its mobile-first strategy, wide range of platforms it operates upon, and secure digital vault in which any files (not just credentials) can be stored.

The company has been around since 2008 when its founders sketched out an idea for the iPhone app during a flight to China, and has had a mobile-first strategy ever since, says Keeper CEO and co-founder Darren Guccione. It's since been chosen by Orange to be pre-loaded onto their Orange 70 Dive smartphone and by AT&T to be pre-loaded onto all the Android and Windows phones it sells in the U.S. This week, expanding the relationship with mobile operators and resellers, Keeper is announcing its new Channel Partner program, as well as its Enterprise 2.0 product.

Keeper is not only a password manager, but also a secure vault, which stores and encrypts -- and allows sharing of -- any kind of files, not just credentials. When operating within Keeper, new files that are created are encrypted and stored within it. Darren Guccione, CEO and co-founder of Keeper Security, proposes the example of a surgeon who needs to keep records during surgery -- the photos she takes with her phone while in the vault won't appear in the phone's Camera Roll. As Guccione puts it, "What happens in the vault, stays in the vault."

However, the secure file storage is an additional cost.

Pricing: $750 per year plus $48 per user per year. Secure file storage is another $18 per user per year. Keeper Enterprise is sold through VAR, Carrier, MSP, and OEM channels. Keeper provides volume-based discounts for enterprise customers based on number of users, in addition to Enterprise License Agreements (ELA's).

Interoperability: Keeper works with Android, iOS, Blackberry, Windows Phone, iPad, Surface, Kindle, Mac, Windows, and Linux, plus has browser extensions for IE, Chrome, Firefox, Safari, and Opera. Also integrates with a variety of Enterprise Mobile Management software platforms.

Sharing and management: Has central admin console where you can provision and de-provision employees, and integrates with Active Directory. Ownership of keys is transferrable, and they can be set to self-destruct.

Compliance and regulations: HITECH- and HIPAA-compliant. Certified with SOC-2, TRUSTe, McAfee Secure, US-EU Safe Harbor, PCI-DSS, and the U.S. Department of Commerce's Bureau of Industry and Security.

Multi-factor: Integrates with biometrics on iOS and other options

Keys: Local-only encryption/decryption. Vault resides in an Amazon AWS instance, but Keeper can also set up an on-premise system. Uses 256-AES encryption, perfect-forward secrecy. Each file is encrypted with a separate key on each device on which it resides.

Other features: FastFill of forms, password generator.

Beyond passwords: Secure data vault

3 of 11
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
DavidJ883
50%
50%
DavidJ883,
User Rank: Apprentice
2/13/2017 | 9:45:51 PM
Intuitive Password online password manager
I use "Intuitive Password" online password manager. I have tried many password managers and I keep coming back to Intuitive Password. It is absolutely the easiest to use, will suggest dynamic passwords for me, it works on all devices (mobile phones, tablets, laptops and desktop PCs) without installation. It is free but has an inexpensive yearly subscription if necessary. One of the best part is if I need to fill in a user name and password on a specific site, I just click on the little login button shown on the plugin, and Intuitive Password will fill in the info requested for me. There is not a word great enough to express my feelings on this awesome product!
TejGandhi1986
50%
50%
TejGandhi1986,
User Rank: Apprentice
10/5/2015 | 6:33:03 AM
Weekest link in security
Passwod managers can still be one more additional layer of security that can be added to the prevent compromising of security ,the best solution to ensure the passwords are protected is to educate the users regarding how to save passwords,how to prevent password sharing.

 

-Tej Gandhi

[email protected]
Blog Voyage
50%
50%
Blog Voyage,
User Rank: Strategist
10/3/2015 | 9:18:16 AM
Re: Passwordstate
Thanks for feedback mate
cyberinferno
0%
100%
cyberinferno,
User Rank: Apprentice
9/28/2015 | 11:14:06 PM
Passwordstate
We use ClickStudios Passwordstate at work. It runs on an IIS/MSSQL backend (self-hosted) and features Active Directory authentication. IT is free for up to 5 users, and that's all we've had need for thus far (will likely be purchasing a license later). You can customize just about anything you want regarding password fields, different lists, permissions (group or individual), etc. I've never tried using the mobile site (no app available). A Chrome extension is available, but I've honestly never used it.
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19007
PUBLISHED: 2018-12-14
In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.
CVE-2018-20147
PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.
CVE-2018-20148
PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata.
CVE-2018-20149
PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS.
CVE-2018-20150
PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.