Although they may seem like a throwaway to employees, passwords are one of the biggest vulnerabilities to your organization’s security. Access to even one password opens the doors to data leaks, malware, ransomware, and other detrimental attacks.
The problem is that most employees face password fatigue. Remembering tens or even hundreds of unique passwords is difficult, so after a while, people reuse the same password for multiple applications or add one or two special characters when they’re prompted to change their password. But these practices put companies at immense risk. So what’s an IT department to do?
Many turn to local or cloud-based password managers. These solutions allow users to securely store their credentials in one central place, either on a remote server or locally on a user’s device. Whenever a user wants to log into an application, password managers will auto-populate their password, so they no longer have to recall it.
But before you make the leap to a password manager, you should know what you’re getting into. To help you make the right decision for your organization, we’ve outlined the major advantages and disadvantages below.
What Are the Pros of Using a Password Manager?
First, let’s start with password manager pros. Here are just a few of the many benefits password managers confer.
Less Password Fatigue
We already discussed how detrimental password fatigue can be. Password managers eliminate the stress of remembering multiple passwords and encourage employees to use auto-generated passwords that are longer and more complex.
Strong Password Generation
The best password managers have a built-in password generator. Whenever an employee activates a new tool, the password manager creates a randomized, unique new password and saves it to a password vault so that it’s available upon the user’s next login.
Less Strain On IT
Password lockouts happen more often than you think. A recent study reported that 3 in 4 employees needed a password reset at work within the last 90 days. Not only does this add to IT’s ever-growing scope of work, it also reduces the time they have to spend on more pressing tasks. Password managers dramatically reduce the cost and effort associated with these IT tickets.
Shared Account Management
If an employee unexpectedly falls ill or leaves the company, password managers enable admins to share passwords with that employee’s peers. Password managers also work across many devices, so even if an employee’s colleagues have a different laptop or desktop, they can still use the same password to log into a secured application.
Easy to Maintain Best Practices
Password managers are designed to uphold IT and security standards, generating randomized passwords, storing them securely, only sharing them if absolutely necessary, and updating them on a regular basis, all without manual intervention. Some even integrate with or come with single sign-on (SSO) to make it easier to manage password manager access. These may be referred to as SSO password managers. Others also include multi-factor authentication (MFA) functionality to further secure a user’s workspace.
Once an employee resigns, password managers can immediately remove all their access privileges to every software product they ever used on any of their devices. This best practice avoids any password or data leakage, or other offboarding security risks that could seriously harm a company’s employees, customers, and reputation.
What Are the Cons of Using a Password Manager?
Now it’s time to cover the downsides of using a password manager. Some of those drawbacks include the following.
Hacks Have Occurred
Even well-known password management solutions have suffered cyberattacks. LastPass, KeePass, Keeper, and OneLogin have all experienced attacks that compromised their customers’ passwords, email addresses, and more. The security vulnerabilities found during in-depth investigations gave engineers working on those password managers, and on others, lessons for avoiding similar situations in the future.
Single Point of Failure
One of the significant pros of a password management system is that all passwords are stored in one place. But the flip side is that password managers can become a single point of failure. If a password manager itself is hacked, an organization is potentially at an even bigger risk than if just one password were leaked. Luckily, many password management systems have extremely robust security measures to prevent attacks from happening.
Weak Passwords May Be Generated
When generating passwords, some password management tools stop at the 10-character mark or fail to use symbols. Although admins may be able to adjust that on the back-end, they may not realize it for a while, meaning some stored passwords don’t meet security requirements. Fortunately, modern password managers leverage password management best practices and continuously update their products to ensure auto-generated passwords are as secure as possible.
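The check an admin could run against the weakness described above, as an added example that is not part of the original article or any vendor's code: it audits stored entries against a length and symbol policy and compares the search space of two generator settings. The 16-character minimum, the symbol set, and the sample entries are assumptions chosen for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set, adjust to your policy
BASE_CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits]


def generate(length=20, symbols=True):
    """Draw from the OS CSPRNG and retry until every class is present."""
    classes = BASE_CLASSES + ([SYMBOLS] if symbols else [])
    if length < len(classes):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(classes)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw


def generator_entropy_bits(length, symbols):
    """Approximate search space of a generator setting, in bits."""
    size = sum(len(c) for c in BASE_CLASSES) + (len(SYMBOLS) if symbols else 0)
    return length * math.log2(size)


def audit(entries, min_length=16, require_symbol=True):
    """Return {entry name: [problems]} for passwords below the policy."""
    findings = {}
    for name, pw in entries.items():
        problems = []
        if len(pw) < min_length:  # assumed policy minimum
            problems.append(f"length {len(pw)} < {min_length}")
        if require_symbol and all(c.isalnum() for c in pw):
            problems.append("no symbol")
        if problems:
            findings[name] = problems
    return findings


# Constructed sample entries, not real credentials.
SAMPLE_VAULT = {
    "crm-legacy": "aB3dE6gH9k",  # 10 characters, letters and digits only
    "payroll": generate(),       # produced with the stronger settings
}

if __name__ == "__main__":
    print(audit(SAMPLE_VAULT))
    print(round(generator_entropy_bits(10, False), 1), "bits vs",
          round(generator_entropy_bits(20, True), 1), "bits")
```

Entries flagged by the audit are the ones to rotate after the generator settings are corrected, since changing the settings alone does not touch passwords already stored.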
Web-Based Manager Security Flaws
Password managers don’t always recognize and adapt to every web-based application, meaning that passwords won’t autofill, and users have to enter their passwords manually. Beyond that nuisance, password managers are susceptible to web vulnerabilities like bookmarklet flaws, iFrame phishing, and XSS and CSRF exploits. Over time, these vulnerabilities have come to light, so the best password managers on the market take extra steps to protect employee passwords.
Do the Pros of a Password Manager Outweigh the Cons?
While the cons of password managers are legitimate, the advantages far outweigh them, particularly if you use a password manager that puts safety and security first.
JumpCloud’s IdentityOS solution provides frictionless password management straight from macOS and Windows devices already secured through JumpCloud. The JumpCloud IdentityOS app minimizes the risk of phishing, all while empowering employees to manage their credentials themselves without the help of IT. IdentityOS also sends employees password update reminders and provides automated password rotations and complexity checks to maintain password compliance.