Ask the Expert

Password security vaults: Is SSO authentication better?

I'm considering programs like 1Password, RoboForm or LastPass for our small business. What would you suggest that offers compatibility between PC and Mac programs; secures sensitive information; and, if possible, provides for multiple users, allowing certain people access to specific passwords and information? And can these programs be used on multiple computers, networked or not?

I have to say, I'm not a big fan of password security vaults. I understand the need for an easy way to help your users create and maintain their authentication information for many systems, but these tools are really just a Band-Aid for bad processes and non-integrated systems with local authentication. Password vaults are used to ease the burden of strict password policies that require passwords that are so complex users can't remember them or have to write them down. The vaults are also used to fix the problem of too many passwords due to business applications each storing their own credentials.

Before implementing a password vault, I suggest reviewing your organizational policies. If they're too cumbersome due to short expiries or long password lengths, then they cause more of a security risk than easing up on the reins. If it's the latter case, namely applications not being integrated, then I'd look for a single sign-on (SSO) product rather than a password vault. SSO allows the user to provide a single password to access multiple systems without having to do a lot of infrastructure changes.

In the grand scheme of identity management, SSO implementations are less risky and easier on users than maintaining a password vault and asking users to maintain multiple passwords. Also, there is not much of a cost difference between the two, as both require integration, maintenance and administration support. However, if you still want to pursue the password vault route, I think you've already found some of the better products out there for a small business, and I would probably look at LastPass, then RoboForm, but would need more information to lock in a selection.

The questions that still need to be answered are: To what end systems and operating systems are your users going? How many passwords are users storing? Who are the "certain people" you mentioned in your question? And what's your budget? Whatever you do, keep in mind that as you move toward a more integrated authentication infrastructure, password vaults are only a step along the way and shouldn't be considered a long-term solution.

This was first published in January 2010