Updated on December 5, 2022
Say you have to create a password for a new work resource. It requires an upper-case letter, a lower-case letter, a number, 500 characters, and your first-born child. What would you make it?
Exaggerations aside, studies show that most people will go with something easy, something they’ve used before, or something actually secure, but then write it down on paper. And who can blame them? As organizations’ stacks move to the cloud and diversify, users have more accounts to manage, and there’s only so much they can commit to memory.
Single sign-on (SSO) and passwordless authentication relieve some of the burden, but they don’t address the resources that don’t support that technology, and you still need to enter a password as part of the authentication chain at some point. That’s where password managers come in — especially a good SSO password manager.
Earlier today, JumpCloud announced JumpCloud Password Manager™, which can be used on its own or integrated natively within the JumpCloud Directory Platform to secure and streamline the password authentication process. This blog covers how it works, its key features, why password managers help with security and usability, and how to get started using JumpCloud Password Manager.
How JumpCloud Password Manager Works
JumpCloud Password Manager allows users to securely store and use their passwords without committing them to memory. JumpCloud Password Manager relies on a decentralized architecture that is a hybrid between a cloud-based password manager and an offline password manager. This approach minimizes security risk by keeping credentials stored locally on user devices and by syncing vaults between devices through JumpCloud servers in an end-to-end encrypted way. This increases both the user experience and the organization’s security. It is ideal for resources that do not support SSO, as it delivers a secure, seamless, and quasi-passwordless authentication experience for non-SSO resources.
JumpCloud Password Manager can store the following types of secrets:
- Usernames and passwords.
- Payment cards.
- Secure notes.
It can use these secrets to auto-fill a user’s username, password, and 2FA token to log into an application, significantly streamlining the authentication process. In addition, it can generate and store new, secure passwords, making it easy for users to create passwords that follow best practices. And it can detect when a user inputs a new password and offer to save it for next time. The result is a quick, easy, and secure way for users to access all of their password-protected applications (especially those that don’t support SSO).
In short, JumpCloud Password Manager helps users use better passwords, more easily, for all of their online accounts.
- Local password storage. Passwords and secrets are stored locally on endpoints rather than in the cloud and are synced in an end-to-end encrypted way between users and devices through JumpCloud servers.
- Secure password and 2FA sharing. Users can securely share passwords and 2FA codes with other team members.
- Password generator. Users can choose to generate secure, complex passwords, removing the burden of both creating and remembering them.
- Admin console. The Password Manager’s admin console allows IT to easily view and track user access to non-SSO accounts, monitor for password best practices (including checking for weak passwords), view and log activity, manage shared user folders, and see a list of users’ devices from the console.
- Bulk import options. Admins can bulk-upload stored credentials and secrets from other password managers to make it easy to migrate from another solution.
- Unique cloud relay infrastructure. Data is shared between users and devices with end-to-end encrypted communication through JumpCloud relay servers.
- No master password. The cloud relay infrastructure eliminates the need for a master password, making the user experience that much easier and more secure.
- Supports multiple browsers and systems. It includes a desktop application, which is supported by Mac, Linux, Windows, iOS, and Android, and a multi-browser extension.
- Supports various authentication methods. Depending on the OS, JumpCloud Password Manager can authenticate a user via biometric authentication such as fingerprint, facial recognition through TouchID on Apple-based devices and Windows Hello, and it can use an auto lock scheduler to limit session time.
- Integrates natively with the JumpCloud Directory Platform. This allows all users to take advantage of having their open directory platform and device management paired with common security features like password management in one solution. IT admins can access the Password Manager from within the JumpCloud directory, including provisioning and deprovisioning access.
Why Use a Password Manager?
Passwords are still the main authentication method for most resources, and they remain one of the most targeted data points in attacks. For example, stolen credentials are far and away the number one ingress point for executing a basic web application attack. And as Verizon put it in its 2022 Data Breach Investigations Report, “unauthorized access via default, shared, or stolen credentials constituted more than a third of the entire Hacking category and over half of all compromised records.”
But following best practices for password management is no easy task. As organizations’ stacks move to the cloud, their resources diversify, which means more accounts — and passwords — per user. This often leads to an incomplete or piecemeal access management strategy, where an SSO tool may work for some applications but not for those that don’t use SAML or OIDC, for example. These applications are left out of the SSO experience and don’t benefit from any of the security afforded by SSO authentication protocols.
Further, as passwords increase in number and complexity requirements, they become harder for users to remember. And while length and complexity requirements align with best practices, too many long, complex passwords drive users to resort to unsecure methods for remembering them. For example, about two-thirds of Americans say they will forget their password if they don’t write it down.
Password managers relieve users of the burden of memorizing passwords and increase IT’s control and visibility over users’ passwords. Because passwords are such popular attack vectors and targets, password managers provide an immediate and significant security boost. JumpCloud Password Manager in particular delivers:
- Quick and secure access into sites and services, regardless of the required authentication method.
- Better password security by helping users create long, complex, and unique passwords without needing to remember them.
- Secure password and 2FA sharing for easier collaboration within the organization.
- Clearer admin visibility into account access for non-SSO accounts.
- Better password management for admins: IT can watch for weak passwords and enforce password best practices.
Usability and Productivity
The more passwords users have, the more often they’ll have to reset them. And more than half of Americans say they have to reset their passwords at least five times per month.
That’s a lot of time. For users, that’s time they spend opening a ticket and waiting for it to be fulfilled before they can get back to work. For IT, password reset requests dilute their helpdesk work and divert their attention away from more strategic tasks.
In addition, the experience of typing in a password and MFA TOTP is becoming more unfavorable to users, especially as they become used to processes like SSO and passwordless authentication.
JumpCloud Password Manager improves the user experience and give users and IT teams productivity time back by:
- Significantly reducing password reset frequency for both users and IT.
- Delivering a seamless authentication experience by storing and auto-filling usernames, passwords, and MFA.
- Enabling users to collaborate easily and securely with password sharing capabilities.
- Helping users and IT avoid time wasted on password lockouts and resets, allowing them to turn their attention to strategic and impactful work.
These benefits compound for managed service providers (MSPs), which must store passwords for all their clients and those clients’ users.
Learn more in Password Management for MSPs.
Get Started With JumpCloud Password Manager™
Password management is one of the most effective security practices an SME can institute. It reduces the time lost due to password resets, freeing up both IT and end users to focus on more impactful work.
Fortunately, JumpCloud makes it easy to get started with its Password Manager, whether on its own or as an integrated part of the JumpCloud open directory platform. When the Password Manager integrates with JumpCloud’s open directory platform, organizations can embrace password-based access needs within the full scope of authentication practices including federation, SSO, and MFA. Together, they grant all users seamless and secure access to all the resources they need to do their jobs, regardless of the required authentication method.
Learn more about JumpCloud Password Manager.