For network administrators, passwords are like an old but increasingly unreliable friend. While passwords are easy to use on a single site, employees often choose weak ones, which makes them easy to brute force. Even when they’re strong, using them across multiple logins means employees end up with too many to remember, which encourages the risky habit of password reuse.
Addressing these issues is a complex undertaking. Smaller companies often lack the IT staff to monitor password behaviour, which means they lose sight of their vulnerability. Larger companies have the opposite problem, where centralising passwords using technologies such as single sign-on (SSO) transfers the management overhead to the IT team.
Passwork password manager
Password managers such as Passwork are a way of addressing these problems that can be adopted by companies of any size. Designed primarily to automate web logins, the software stores passwords in a central, encrypted database that is accessed using a single master password and can be either self-hosted or delivered via a remote cloud service.
Deploying a password manager such as Passwork has two advantages in terms of workflow. Because the software focuses on web logins used for SaaS applications across web and mobile, it captures most passwords users struggle with day to day. Secondly, it allows users to self-administer passwords more easily, lowering the management overhead for central IT teams.
Passwork stores passwords in vaults which can map to departments, specific projects, or job roles – for example employees requiring special privileges. Admins can keep track of who has access to which passwords, combing the database for weak passwords and tracking password history and usage. Additional account security can be mandated via the Passwork 2FA app.
User experience (UX)
Passwork auto-completes user logins for accounts in its database. This is not only a better user experience but also a defence against phishing attacks, because the auto-complete will only activate on domains presenting the correct certificate. An important collaboration feature is the ability to send a single password without providing access to the entire vault, or to share it through a temporary hyperlink to the password. Passwork mobile apps are available for Android and iOS, supporting all major browsers.
Security and resilience
The on-premise version secures password data within an organisation’s own network. This gives security teams full control over data, policies, and vulnerability patching. Passwork is not a black box – all source code used in the on-premises version can be reviewed and tested for vulnerabilities. As well as being able to detect weak passwords, Passwork supports role-based access control, custom vault permissions, and tracking of previously used passwords.
Passwork can be configured to use Active Directory (AD) passwords and specific user groups via LDAP synchronization. The software also allows SAML SSO integration for organisations already using this approach. Similarly, other business applications can query the Passwork database via a RESTful API. Passwork supports clustering and failover.
Password managers, a compelling solution
Replacing passwords as an authentication mechanism has proved harder than many assumed it would be. One reason is that alternative technologies have disadvantages of their own, including proprietary design, immature standards, or added expense and management. For now, passwords work well as long as they are managed in a way that mitigates the risks they create. One of the best ways to achieve this is to use a flexible password manager such as Passwork.