Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations //

Identity & Access Management

11/8/2019
09:00 AM

6 Small-Business Password Managers

The right password manager can help bring enterprise-class security to small businesses. Here are a half-dozen candidates to strengthen your access management.
2 of 7

LastPass

LastPass is a popular password manager for consumers, with individual pricing starting at "free." But the company also has a number of business offerings that can make managing both individual and companywide passwords possible from a central console. Many organizations will find one of their two most basic business offerings will suffice, but options for those that require more advanced authentication are available.

LastPass business solutions begin with "Teams." If your business has fewer than, say, 50 employees, then it could be enough. LastPass Teams has many of the functions available in the Enterprise version, but it is designed, according to the company, to be easy enough for business unit professionals to be able to deploy and manage the service.

If you need to employ complex user policies, integrate the password manager into network directories and cloud services, and offer single sign-on to a wide variety of business applications, then the LastPass Enterprise version may be a better choice. The difference in cost between Teams and Enterprise versions is small -- $4 per user per month for Teams and $6 per user per month for Enterprise -- but the difference in knowledge required for proper integration and deployment is larger. In both cases, the individual user is required to know very little about policies or the LastPass application since set-up is a centralized process and the application guides the user through the actions required.

(Image: LastPass)

2 of 7
Comment  | 
Print  | 
Comments
Threaded  |  Newest First  |  Oldest First
debrajohansen
100%
0%
debrajohansen,
User Rank: Apprentice
11/10/2019 | 9:26:55 AM
thanks
thanks
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...