I have to say, I'm not a big fan of password security vaults. I understand the need for an easy way to help your users create and maintain their authentication information for many systems, but these tools are really just a Band-Aid for bad processes and non-integrated systems with local authentication. Password vaults are used to ease the burden of strict password policies that require passwords that are so complex users can't remember them or have to write them down. The vaults are also used to fix the problem of too many passwords due to business applications each storing their own credentials.
Before implementing a password vault, I suggest reviewing your organizational policies. If they're too cumbersome due to short expiries or long password lengths, then they cause more of a security risk than easing up on the reins. If it's the latter case, namely of applications not being integrated, then I'd look for a single sign-on (SSO) product rather than a password vault. SSO allows the user to provide a single password to access multiple systems without having to do a lot of infrastructure changes.
In the grand scheme of identity management, SSO implementations are less risky and easier on users than maintaining a password vault and asking users to maintain multiple passwords. Also, there is not much of a cost difference between the two, as both require integration, maintenance and administration support. However, if you still want to pursue the password vault route, I think you've already found some of the better products out there for a small business, and I would probably look at LastPass, then RoboForm, but would need more information to lock in a selection.
The questions that still need to be answered are: To what end systems and operating systems are your users going? How many passwords are users storing? Who are the "certain people" you mentioned in your question? And what's your budget? Whatever you do, keep in mind that as you move toward a more integrated authentication infrastructure, password vaults are only a step along the way and shouldn't be considered a long-term solution.
Randall Gamby, Contributor