What are the best password managers in Australia and how good are they at protecting the many passwords you and your team use in your business?
Online passwords have taken quite the journey over the years, from being initially very simple to having more complex requirements.
These little phrases are a necessary but increasingly frustrating part of life, and it has reached the point where keeping track of them feels impossible, especially when best practice requires you to have a different password for every account.
Password overload has led to the rise of password management platforms. Take a look at how these platforms work, how ‘safe’ they are and which password manager may be best for your business.
What is a password manager?
If you’re unfamiliar with the term, a password manager is an app that helps you store your passwords. It helps by generating strong passwords and then remembering them for you.
Using a password manager is considered safer than not using one because you will be more likely to use diverse, stronger passwords, and you are saved from using risky strategies like emailing yourself passwords so you can keep track of them (please don’t do this).
Key features of password managers
Your password manager will feature:
- Strong Encryption: In very simple language, encryption encodes information so it is harder for hackers to access. Look for password managers that use AES-256 encryption or higher.
- Multi-Platform Support: A good password manager should be available on multiple platforms, such as desktop computers, mobile devices and different web browsers. This allows you to work between devices and still have easy access to your own passwords
- Autofill Functionality: With autofill, when you install a browser plugin, it will automatically fill in your passwords so you don’t have to try to remember them.
- Two-Factor Authentication (2FA): 2FA adds an extra layer of security by requiring a second factor, such as a fingerprint or a code that’s texted to your mobile when you try to log into a website or online platform.
- Password Generator: A password manager should have a built-in password generator that can create strong, random passwords for you. This saves you from having to think up new phrases all the time.
- Secure Sharing: A password manager should allow you to securely share passwords with others, such as family members or colleagues. It gives them access without revealing the actual password.
- User Audits and Alerts: A password manager should provide alerts if a security breach does happen, and it should also have audit features that can show you which accounts have weak passwords, duplicate passwords, or are using passwords that have been compromised.
- Subscription fees: Often a service like this is free for one or a small handful of users but you will pay a monthly or annual cost to use it at an enterprise level
When you’re researching the best password managers, look for the ones that have undergone, and responded to, an independent security audit. This just means that security researchers have taken a close, critical look at the code for a piece of software and published their findings on its safety.
Self-hosted vs Cloud-based password managers
There are two options within the world of password managers; self-hosted and cloud-based.
Self-hosted password managers are installed on your business’s server or computer. They give your organisation control over passwords and data by allowing them to be stored locally.
This solution can be tailored to meet your business’s needs and preferences, but you will need your IT team to help you establish, manage and update your platform.
Self-hosting can make sense if your business handles data that needs to be kept highly secure. Because it only works on your computers and network, it can limit your business’s risk of being exposed to an attack.
Cloud-based password managers, store passwords and data on a third-party server, usually with encryption for security. Cloud-based solutions are easier to set up and require less input from your IT team but, there is always the risk that the third-party service provider could suffer a data breach or security breach, or that it goes out of business so you have to find another option.
Another thing to note is that providers which keep passwords in the cloud usually operate under the jurisdiction of their country’s government. This may mean a ruling authority technically can have access to your information. In addition to this, if there is an issue and you need to get into an employee’s account through their password manager, it may take some time to get to the company via the jurisdiction it is based in. Password manager 1Password, for example, will only “respond to requests domesticated to a court of competent jurisdiction in Ontario, Canada.”
Password Managers: Nothing is ever 100% secure
Unfortunately, it makes sense for hackers to target password managers.
In 2022, one of the best-known password managers, LastPass, was involved in a security incident. As it shared with its network, some source code and technical information were stolen from its development environment. While most of the data was encrypted, (meaning the hackers didn’t literally have a list of passwords), the breach did mean hackers could attempt to use ‘brute force’ and guess the master passwords of affected users.
When you’re choosing a password manager, work with your IT provider to do your research into which providers have the safest ratings and have never been breached.
At HuonIT, we can help you choose the best password manager platform based on your business and your needs.
Want to know more about a bespoke password management solution and other managed IT services? Contact Huon IT today.