

Understand the pros and cons of enterprise password managers

Almost half of breaches occur because of compromised credentials. Using a password manager to control how users create their IDs may be a good step to protect enterprise assets.

Credential theft is involved in nearly half of breaches perpetrated by outside actors, according to Verizon's "2023 Data Breach Investigations Report." Pair that with the fact that poor password practices -- among them weak passwords, password reuse and failure to change credentials frequently -- are rampant among users, and it's a recipe for disaster.

To counter these threats, corporate IT security teams are turning to business-grade password managers to help centralize and streamline password and credential management.

A password manager is a credential vault that gives IT teams a unified digital option to monitor, store, safeguard, share and administer passwords. These vaults, which are only accessible through a master password, store other credentials and assets including SSH keys, identity badges and documents. Most password managers also include a password generator to help users create strong credentials that are difficult to hack.

Let's examine some pros and cons of enterprise password managers, as well as features to look for when selecting an enterprise password manager.

Benefits of password managers

Enterprise password managers convey the following important benefits for security administrators as they work to improve their organizations' security protections:

  • Establishing a window into and control point over end-user password practices.
  • Creating and enforcing credential policies.
  • Protecting workers -- in-office and remote -- from risky activity.
  • Standardizing policies governing dynamics, such as password strength and frequency of change.
  • Enforcing the use of MFA.
  • Building shared folders to let teams share credentials in a protected environment.
  • Granting new hires access to corporate resources and decommissioning access when workers leave.

Password managers also put organizations on the path to least-privilege access. By tracking end-user activity, organizations can set up role-based access control that allows users to access only the resources they require.

Cons of password managers

It is important to note in examining the pros and cons of enterprise password managers that not every password manager is created equal; some might lack core functionality and features.

While most use some form of strong encryption, such as AES-256, to protect the passwords stored in their vault, some do not. A vault without strong encryption makes the password manager itself highly vulnerable to hacking. If that occurs, bad actors can gain instant access to corporate assets. To add another layer of defense around the master password, security admins should seek out password managers that require MFA.

Features to look for in an enterprise password manager

That said, with the right password manager in place, IT security teams gain an important weapon in their arsenal to protect corporate resources. Password managers might be only one element in a multilayer security defense, but they are a significant one.

Though features differ across password products, security admins should look for a number of core capabilities before deploying a business password manager. It is essential for any business, no matter the size, to choose an enterprise-grade manager. Unlike consumer versions, business-class password managers incorporate management functions, including the ability to define and enforce password length, configuration and frequency of change. Enterprise password managers can also give administrators information about potential password vulnerabilities based on current trends.
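The following is an added example, not code from the article or from any vendor's product: a sketch of the policy audit described above, flagging short, low-complexity, stale and reused credentials. The `Policy` thresholds, the `Entry` fields and the sample data are assumptions constructed for illustration.

```python
import hashlib, hmac, secrets
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Policy:  # assumed thresholds; set these from your own standard
    min_length: int = 14
    min_classes: int = 3
    max_age_days: int = 90

@dataclass(frozen=True)
class Entry:  # hypothetical vault record
    owner: str
    site: str
    password: str
    changed: date

def char_classes(pw: str) -> int:
    """Count character classes present: lower, upper, digit, symbol."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)

def audit(entries, policy, today):
    """Return {(owner, site): [finding, ...]} for entries that break policy."""
    # Per-run HMAC key: reuse is found by grouping keyed fingerprints,
    # and the fingerprints are useless once the audit ends.
    key = secrets.token_bytes(32)
    by_fp, findings = defaultdict(list), defaultdict(set)
    for e in entries:
        ident = (e.owner, e.site)
        if len(e.password) < policy.min_length:
            findings[ident].add("too_short")
        if char_classes(e.password) < policy.min_classes:
            findings[ident].add("low_complexity")
        if (today - e.changed).days > policy.max_age_days:
            findings[ident].add("stale")
        by_fp[hmac.new(key, e.password.encode(), hashlib.sha256).digest()].append(ident)
    for idents in by_fp.values():
        for ident in idents if len(idents) > 1 else ():
            findings[ident].add("reused")
    return {k: sorted(v) for k, v in findings.items()}

# Constructed sample data, not real credentials.
SAMPLE_TODAY = date(2023, 9, 1)
SAMPLE = [
    Entry("alice", "vpn", "Summer2023!", date(2023, 1, 10)),
    Entry("alice", "crm", "Summer2023!", date(2023, 8, 20)),
    Entry("bob", "git", "kV9#tq2Lw!x7RmZp4", date(2023, 8, 1)),
    Entry("carol", "hr", "correcthorsebatterystaple", date(2023, 7, 15)),
]
```

Calling `audit(SAMPLE, Policy(), SAMPLE_TODAY)` reports both of alice's entries as reused and too short, her VPN entry as stale, and carol's single-class passphrase as low complexity, while bob's entry passes.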

In some cases, business password managers come with advanced functionality, such as MFA and encryption. Another emerging feature is behavior analysis that uses machine learning and analytics. This enables admins to detect risky behavior and make remediation recommendations.

As enterprise password managers become more sophisticated, they will also offer tools to help security teams create effective password compliance programs. Most don't offer that functionality today, but it is likely to be more common in the near future.

Amy Larsen DeCarlo has covered the IT industry for more than 30 years, as a journalist, editor and analyst. As a principal analyst at GlobalData, she covers managed security and cloud services.
