I have to say, I'm not a big fan of password security vaults. I understand the need for an easy way to help your users create and maintain their authentication information for many systems, but these tools are really just a Band-Aid for bad processes and non-integrated systems with local authentication. Password vaults are used to ease the burden of strict password policies that require passwords that are so complex users can't remember them or have to write them down. The vaults are also used to fix the problem of too many passwords due to business applications each storing their own credentials.
Before implementing a password vault, I suggest reviewing your organizational policies. If they're too cumbersome due to short expiries or long password lengths, then they cause more of a security risk than easing up on the reins. If it's the latter case, namely of applications not being integrated, then I'd look for a single sign-on (SSO) product rather than a password vault. SSO allows the user to provide a single password to access multiple systems without having to make a lot of infrastructure changes.
In the grand scheme of identity management, SSO implementations are less risky and easier on users than maintaining a password vault and asking users to maintain multiple passwords. Also, there is not much of a cost difference between the two, as both require integration, maintenance and administration support. However, if you still want to pursue the password vault route, I think you've already found some of the better products out there for a small business, and I would probably look at LastPass, then RoboForm, but would need more information to lock in a selection.
The questions that still need to be answered are: To what end systems and operating systems are your users going? How many passwords are users storing? Who are the "certain people" you mentioned in your question? And what's your budget? Whatever you do, keep in mind that as you move toward a more integrated authentication infrastructure, password vaults are only a step along the way and shouldn't be considered a long-term solution.