Password manager software makes promises that many infosec officers would like to believe. Instead of the users who have one weak password for everything and the users who have offices wallpapered with passwords scribbled on sticky notes, all users would have strong, unique passwords for each account. (Those passwords would be securely stored, encrypted, within a password manager, and the user would only need to remember one master password to access it.)
Sounds nice, but most password managers were not built for CISOs; they were built for consumers. Most do not allow for sharing of passwords, so they won't stop users from emailing passwords for shared accounts back and forth.
Most don't enforce corporate password policies, or help with provisioning and de-provisioning of users, or integrate with Active Directory. Their help desks won't be up to responding to pressing business demands. They won't operate on all the client platforms you need. They won't generate the kinds of logs you need or comply with privacy regulations and who knows what kind of key management they do?
But luckily, there are some password managers that can fit these business needs, including some enterprise versions of the leading consumer applications. Here's a selection of them.
