Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Beyond helping end users keep track of their logins, some password managers can integrate with Active Directory and generate compliance reports.
September 28, 2015
Password manager software makes promises that many infosec officers would like to believe. Instead of the users who have one weak password for everything and the users who have offices wallpapered with passwords scribbled on sticky notes, all users would have strong, unique passwords for each account. (Those passwords would be securely stored, encrypted, within a password manager, and the user would only need to remember one master password to access it.)
Sounds nice, but most password managers were not built for CISOs; they were built for consumers. Most do not allow for sharing of passwords, so they won't stop users from emailing passwords for shared accounts back and forth.
Most don't enforce corporate password policies, or help with provisioning and de-provisioning of users, or integrate with Active Directory. Their help desks won't be up to responding to pressing business demands. They won't operate on all the client platforms you need. They won't generate the kinds of logs you need or comply with privacy regulations and who knows what kind of key management they do?
But luckily, there are some password managers that can fit these business needs, including some enterprise versions of the leading consumer applications. Here's a selection of them.
About the Author(s)
Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.
You May Also Like
A screen displaying many different types of charts and graphs to show what data is being analyzed.Cybersecurity Analytics