I have a three-ring binder beside my desk with dozens of passwords. From one point of view, it’s a lousy password manager — it isn’t in alphabetical order, if someone breaks into my place it could be stolen and if I spill a drink on a page it’s probably gone.
But arguably it is a perfectly safe system because those passwords aren’t linked to any Web site that has my personal or financial information. These are passwords for Web sites that offer everything from PC support to access to forums for the hobbies I’m interested in. Another strategy is to never allow my browsers to store passwords.
On the other hand, corporate employees may need to have a number of passwords at hand to access more sensitive materials like specialized databases and applications. That’s where a business-grade password manager can be useful.
These include LastPass, Dashlane, KeePass and others, which create a secure vault for storing passwords. CSO Online has a review of a number of them.
Here’s a quick run down:
—Dashlane lets users change all passwords with one click, and covers more than 160 of the most popular sites, including Facebook, Twitter, LinkedIn, Pinterest, Amazon, Dropbox, and Evernote;
— LastPass‘ enterprise version has Active Directory sync, configurable management policies, onboarding, offboarding and provisioning, and single sign-on for many popular cloud applications, including Office 365, Google Apps, Salesforce, WordPress, and others;
—KeePass is an open source tool for individual use. But I note from checking its site there’s a company called Pleasant Solutions that makes a server-based KeePass manager for enterprises.
—1Password, a Canadian entry, which includes a strong password generator;
–Montreal-based PasswordBox, recently bought by Intel. The company says it will soon introduce what it calls True Key, which includes smart identity technology from Intel that lets users include facial recognition for more secure login.
As with any application, CSOs need to check whether these and other managers are suitable. And employees need to check with IT before adding any of these applications to their devices.