How to Expand Your IAM Offering with Password Management

JumpCloud recently held a webinar to discuss how MSPs can expand their Identity Access Management (IAM) offering with password management.

Our host, JumpCloudian Dakota Hippern, was joined by Antoine Jebara, co-founder and GM of MSP Business, and Rob McGrath, product manager, in discussing the relevance of password management and how JumpCloud Password Manager is poised to help MSPs bolster their IAM offering. Below is a recap of the key points discussed during the webinar.

Passwords might soon become an endangered species. With the uptick in biometric recognition, smart pins, and push notifications as the preferred method of authentication, password management is no longer at the center of organizations’ IAM approach.

More companies now use LDAP and RADIUS-based authentication to log people into resources like VPN, Wi-Fi, on-prem infrastructure, etc.

Despite this, password management constitutes a vital component in most organizations’ infrastructure, and MSPs must take this into consideration when assessing their identity and access management offering.

This post discusses why password management is still relevant today and how MSPs can make the most of JumpCloud’s password manager to deliver excellent service to their clients.

Password Management: Why Bother?

Almost two decades after Bill Gates first predicted the death of passwords, passwords no longer form the core of most organizations’ access management strategy. Why then should MSPs bother with password management?

Ubiquity

Passwords are the most common authentication method, and for good reason. First, they’ve been around for far longer. Second, passwords are a right-out-of-the-box feature in almost all devices. This is more than can be said for other modes of authentication such as biometric recognition or smart cards.

The net effect is, despite organizations’ less reliance on them, passwords are likely to hang on till, at least, other authentication methods become as commonplace.

Weakness

MSPs must have a password management strategy to protect their clients from the vulnerabilities that passwords pose. From phishing to physical theft, and even dumpster diving, passwords pose the most risk of enabling authorized access.

Throw in the rising cost of data breaches — 4.5 million dollars as of 2022 — coupled with the fact that 80% of data breaches are caused by weak or reused passwords, then it’s clear why MSPs cannot afford to be lax in their password security approach.

Single Sign-On (SSO) Challenges

In developing their IAM offerings, most MSPs have had single sign-on (SSO) play a significant role in their strategy. SSO enables users to log in once to all the company resources they need to get their work done.

This is mostly done by coupling SSO with push authentication, biometric recognition, and other authentication modes.

Sometimes, however, users will not be able to use SSO to get into some paywalled web-based apps. Or sometimes, they may have to use some shadow IT tools which aren’t part of the company’s infrastructure.

In such instances, password usage creates a gap which password management must bridge, or organizations risk security exposure.

Password Managers + Types

Password managers are software that securely stores and protects users’ login information. Although they typically maintain records of usernames and relevant passwords, they also offer additional storage options. This includes addresses, card details, etc.

There are three major types of password managers:

Offline Password Managers

These password managers store and encrypt passwords locally on a user’s endpoints but don’t sync the password across different devices. Thus, users can only use the password manager on one device outside the box.

Offline password managers are rather unfit for enterprise use cases because they don’t grant admins with centralized visibility and control. What they lack in convenience however, they make up for in security. Offline password managers are not susceptible to network or server attacks since they store and encrypt passwords on the user’s device.

Cloud-Based Password Managers

Cloud-based password managers store passwords in a vault which is itself located on the password manager servers. The passwords are encrypted with a key called the “Master Password.” The user is tasked with creating, remembering, and protecting this master password.

Users access the information in cloud-based password managers using a combination of their email and the master password.

These are more convenient since users can access them on multiple devices. Plus, they give a high level of visibility and control to admins. However, they make a huge trade-off in security as their effectiveness depends on the user’s ability to create and protect a strong master password.

More worryingly, hackers can also breach password manager servers and gain access to users’ passwords.

Hybrid Password Manager

A hybrid password manager, such as JumpCloud Password Manager, works by combining the best traits of the first two types of password manager.

It uses a decentralized storage architecture where passwords are stored locally on the user’s endpoints. Next, it generates a key for encrypting the passwords in a vault.

This vault then syncs across other devices on JumpCloud’S network, thereby making simultaneous login possible.

It also allows users to share passwords with other users in the organization. What’s more? A hybrid password manager facilitates an environment where admins have visibility and control but without being able to see the user’s password unless where it is shared with them.

An inherent advantage of JumpCloud’s password manager is that reliance is not placed on a user’s ability to create and protect a master password. Thus, users can authenticate access to this vault using biometrics, Windows Hello, or other local authentication means.

JumpCloud Password Manager: Fitting Into a Larger Ecosystem

JumpCloud developed its sophisticated password manager in response to growing demand from organizations and MSPs. The password manager provides a single-point solution for IAM needs, reducing tool sprawl and lowering IT costs.

The password manager integrates with the JumpCloud open directory platform and greatly complements other tools such as multi-factor authentication (MFA), SSO, conditional access, etc.

JumpCloud Password Manager also provides a seamless experience for admins as it is deployed and managed through one console. Users also benefit from not having to log in to disparate apps through an external password manager.

Besides its benefits as an important part of a larger ecosystem, JumpCloud Password Manager is also a superior option because it eliminates the dilemma of choosing between convenience and security.

Leverage JumpCloud’s Password Manager Today

As passwords continue to hang on for the ride, MSPs must understand how to fit password managers into their IAM offering.

With JumpCloud’s hybrid password manager being the perfect mix of security, visibility, control, and convenience, password management just became less of a pick-your-poison dilemma.Learn more about JumpCloud’s password manager and watch a demonstration of it in this webinar.