Updated on August 8, 2023
Say you have to create a password for a new work resource. It requires an upper-case letter, a lower-case letter, a number, 500 characters, and your first-born child. What would you make it?
Exaggerations aside, studies show that most people will go with something easy, something they’ve used before, or something actually secure, but then write it down on paper. And who can blame them? As organizations’ stacks move to the cloud and diversify, users have more accounts to manage, and there’s only so much they can commit to memory.
Single sign-on (SSO) and passwordless authentication relieve some of the burden, but they don’t address the resources that don’t support that technology and you still need to enter a password as part of the authentication chain at some point. It’s also important for admins to be able to view usage logs and prevent data loss. That’s where password managers come in.
In 2022, JumpCloud introduced JumpCloud Password Manager™, which can be used on its own or integrated natively within the JumpCloud Directory Platform to secure and streamline the password authentication process. It’s easy to enroll users and teams into Password Manager. This blog covers how it works, its key features, why password managers help with security and usability, and how to get started using JumpCloud Password Manager.
How JumpCloud Password Manager Works
JumpCloud Password Manager allows users to securely store and use their passwords without committing them to memory. JumpCloud Password Manager relies on a decentralized architecture that is a hybrid between a cloud-based password manager and an offline password manager. This approach minimizes security risk by keeping credentials stored locally on user devices and by syncing vaults between devices through JumpCloud servers in an end-to-end encrypted way. This dramatically increases both the user experience and the organization’s security. It is ideal for resources that do not support SSO, as it delivers a secure, seamless, and quasi-passwordless authentication experience for non-SSO resources.
JumpCloud Password Manager can store the following types of secrets:
- Usernames and passwords.
- Payment cards.
- Secure notes.
It can use these secrets to auto-fill a user’s username, password, and 2FA token to log into an application, significantly streamlining the authentication process. In addition, it can generate and store new, secure passwords, making it easy for users to create passwords that follow best practices. Password health is determined to prevent vulnerable passwords from being used.
And it can detect when a user inputs a new password and offer to save it for next time either from the browser or desktop app. The result is a quick, easy, and secure way for users to access all of their password-protected applications (especially those that don’t support SSO).
Password sharing offers granular control over the access levels of users to shared folders while providing admins with full visibility and the capacity to assign user groups to shared folders.
In short, JumpCloud Password Manager helps users use better passwords, more easily, for all of their online accounts.
- Local password storage. Passwords and secrets are stored locally on endpoints rather than in the cloud. This segments and secures stored secrets, preventing them from being hacked in bulk or becoming a casualty in an attack on a server.
- Secure password and 2FA sharing. Users can securely share passwords and 2FA codes with other team members. It’s possible to know which passwords are being managed and shared by users in the organization.
- Password generator. Users can choose to generate secure, complex passwords, removing the burden of both creating and remembering them.
- Admin console. The Password Manager’s admin console allows IT to easily view and track user access to non-SSO accounts, monitor for password best practices (including checking for weak passwords), view and log activity, manage shared user folders, and see a list of users’ devices from the console. Compliance features include:
- Usage logs to know which users used or viewed what passwords.
- Manage shared folder users and permissions from admin portal.
- Cloud backups gives admins a secure fallback method to minimize the chance of data loss, especially in the case of a lost device. The cloud backup is encrypted and requires a private decryption key, stored by the admin, to restore the backup.
- Bulk import options. Admins can bulk-upload stored credentials and secrets from other password managers to make it easy to migrate from another solution. Directly import new folders while migrating from other password manager vendors.
- Unique cloud relay infrastructure. Data is shared between users and devices with end-to-end encrypted communication through JumpCloud relay servers.
- No master password. The cloud relay infrastructure eliminates the need for a master password, making the user experience that much easier and more secure. A self-service Password Manager PIN reset enables users to reset their password manager PIN with user email verification and without involving their help desk or IT team.
- JumpCloud Password Manager Health Score. This feature scans all passwords stored in your vault and checks how vulnerable they are. Scores are available on both the organization and user level.
- Supports multiple browsers and systems. It includes a desktop application, which is supported by Mac, Linux, Windows, iOS, and Android, and a multi-browser extension.
- Safari extension provides a convenient way for users to securely store and manage their passwords directly within the Safari browser, without having to switch to a separate application or web interface.
- Supports various authentication methods. Depending on the OS, JumpCloud Password Manager can authenticate a user via password, pincode, fingerprint, facial recognition, and iris scan, and it can use an auto lock scheduler to limit session time.
Integrates natively with the JumpCloud Directory Platform. This allows all users to take advantage of having their open directory platform and device management paired with common security features like password management in one solution. IT admins can access the Password Manager from within the JumpCloud directory, including provisioning and deprovisioning access.
Why Use a Password Manager?
Passwords are still the main authentication method for most resources, and they remain one of the most targeted data points in attacks. For example, stolen credentials are far and away the number one ingress point for executing a basic web application attack. And as Verizon put it in its 2022 Data Breach Investigations Report, “unauthorized access via default, shared, or stolen credentials constituted more than a third of the entire Hacking category and over half of all compromised records.”
But keeping passwords secure is no easy task. As organizations’ stacks move to the cloud, their resources diversify, which means more accounts — and passwords — per user. This often leads to an incomplete or piecemeal access management strategy, where an SSO tool may work for some applications but not for those that don’t use SAML or OIDC, for example. These applications are left out of the SSO experience and don’t benefit from any of the security afforded by SSO authentication protocols.
Further, as passwords increase in number and complexity requirements, they become harder for users to remember. And while length and complexity requirements align with best practices, too many long, complex passwords drive users to resort to unsecure methods for remembering them. For example, about two-thirds of Americans say they will forget their password if they don’t write it down.
Password managers relieve users of the burden of memorizing passwords and increase IT’s control and visibility over users’ passwords. Because passwords are such popular attack vectors and targets, password managers provide an immediate and significant security boost. JumpCloud Password Manager in particular delivers:
- Quick and secure access into sites and services, regardless of the required authentication method.
- Better password security by helping users create long, complex, and unique passwords that are vetted for quality, without needing to remember them.
- Secure password and 2FA sharing for easier collaboration within the organization.
- Clearer admin visibility into account access for non-SSO accounts.
- Terminating a user’s access results in their password vaults getting wiped from all devices.
- Better password management for admins: IT can watch for weak passwords and enforce password best practices while managing shares and permissions.
- JumpCloud Password Manager Cloud Backup requires administrator approval to completely restore for a user from a cloud backup.
Administrators can add or remove users, assign specific permissions to each user, and review and update permissions regularly. This ensures proper access controls, maintains data security, and fosters a collaborative environment. Other features include the ability to view usage logs to see which users used or viewed certain passwords.
Usability and Productivity
The more passwords users have, the more often they’ll have to reset them. And more than half of Americans say they have to reset their passwords at least five times per month.
That’s a lot of time. For users, that’s time they spend opening a ticket and waiting for it to be fulfilled before they can get back to work. For IT, password reset requests dilute their help desk work and divert their attention away from more strategic tasks.
In addition, the experience of typing in a password and MFA TOTP is becoming more unfavorable to users, especially as they become used to processes like SSO and passwordless authentication.
JumpCloud Password Manager improves the user experience and give users and IT teams productivity time back by:
- Significantly reducing password reset frequency for both users and IT.
- Delivering a seamless authentication experience by storing and auto-filling usernames, passwords, and MFA.
- Enabling users to collaborate easily and securely with password sharing capabilities.
- Helping users and IT avoid time wasted on password lockouts and resets, allowing them to turn their attention to strategic and impactful work.
These benefits compound for managed service providers (MSPs), which must store passwords for all their clients and those clients’ users.
Get Started With JumpCloud Password Manager™
Password management is one of the most effective security practices a small and medium-sized enterprise (SME) can institute. It reduces the time lost due to password resets, freeing up both IT and end users to focus on more impactful work. It makes an enterprise solution for password management accessible for SMEs with features that offer administrators visibility into password health and password manager activities, as well as centralized control of password sharing.
JumpCloud makes it easy to get started with its Password Manager, whether on its own or as an integrated part of the JumpCloud open directory platform. When the Password Manager integrates with JumpCloud’s open directory platform, organizations can embrace password-based access needs within the full scope of authentication practices including federation, SSO, and MFA. Together, they grant all users seamless and secure access to all the resources they need to do their jobs, regardless of the required authentication method.
Click here to learn more about how to enable frictionless access with password management.