How to Choose a Safe Password Manager in 2020
Every managed services provider (MSP) should have a password manager. This isn’t surprising information or uncommon advice. In fact, IT security experts have been recommending the use of password managers for years. Despite this, many organizations are only just beginning to use password managers. In an increasingly digital world, protecting our credentials is both difficult and critical.
Individuals and organizations alike are registered with multiple online platforms, each requiring a unique password. Most of us are guilty of creating passwords at some point that are overly simplistic for our memory’s sake—making us highly vulnerable to attack. Some of us even use the same password across several platforms.
For MSPs, maintaining a robust and reliable password manager is even more important. MSPs hold access credentials for potentially hundreds of thousands of customer systems. These credentials, if stolen, could provide a hacker with access to networks, applications, devices, and even data. Given you hold the keys to the metaphorical castle due to how much data you have access to, you’re a prime target for cybercriminals. To protect yourself and your customers, you should use a privileged password manager. This guide will provide a list of the most important password management security features that MSPs should think about in 2020.
Are password managers actually secure?
A reliable password manager is safe to use—in fact, it’s highly recommended. The best password managers keep your account logins safe by using encryption, and some even come with IT documentation software built in to facilitate technicians’ work. As a bonus, password managers are easy to use. To help improve security, you should create a unique master password that will be difficult for hackers to guess. The most effective passwords include random numbers, special characters, and are over eight characters in length.
Once implemented, your password manager will generate unique and complex passwords for every service and digital platform you log into and store them in the password vault. This process is significantly more secure than reusing passwords, which poses a huge risk to your online safety. Using a password manager also means spending less time going down the forgotten password route or accidentally freezing your account from multiple login attempts whenever your credentials slip your mind.
Can you trust password managers?
You should absolutely trust password managers—especially when the alternative is thinking of passwords and memorizing them yourself, or worse, storing passwords in a spreadsheet somewhere. The passwords generated by password managers are unique and complex, making them almost impossible to guess. When we create passwords ourselves, on the other hand, we tend to use dates, names, or other identifiable personal information to make them more memorable. This inevitably creates vulnerability.
A password manager is a more secure way of generating and storing your passwords. However, no online system is completely infallible. Any online service can be hacked, just as your own accounts and systems can be hacked. But by using a password manager, you trust your provider to take the appropriate security measures to protect your information, such as industry high standard encryption and multi-factor authentication (MFA). In short, password managers operate at maximum security, making them trustworthy and a much better option than other alternatives.
Password manager safety and security features to prioritize
Different password managers will have different types and levels of security, with some more stringent and robust than others. When choosing a safe password manager for your business, there are several security features you should look out for, including:
1. Vulnerability management and penetration testing
Developers should regularly scan their password management program for vulnerabilities. The best password management security systems are subject to external penetration tests. If they identify any issues, you should have confidence they will prioritize and remediate them as quickly as possible.
2. IT documentation
The safety and security of a password manager is improved by IT documentation software. A program with built-in IT documentation capabilities can simplify the documentation process for you. It can also eliminate wasted time for technicians while standardizing service delivery and expediting any issues.
3. Security monitoring
Ideally, a password manager’s access control and audit logs should be continuously monitored for usage to help ensure that credentials are being handled with security in mind.
4. Change management
It is crucial that the provider of your password manager implements change management processes. Change management ensures that any changes or updates to the software are reviewed in staging areas that are separated from the production environment. The review process should be exhaustive. If a technical difficulty occurs, the previous version of the service should be restorable. This protects continuity so that if the developer has a problem at their end, it shouldn’t impact you or your customers.
5. Data sovereignty
A password manager that has been designed to be secure will achieve data sovereignty by maintaining distinct, independent databases in multiple regions. A point in time recovery system, which allows the developer to restore to an earlier point in time, is also an important security feature. In an emergency or in the event of technical difficulty, password managers with this framework in place can restore the environment to a replica obtained from an earlier time prior to the event.
6. High availability and redundancy
Choosing a password manager that is hosted in multiple locations is also beneficial because it allows the provider to scale dynamically according to load. By using multiple unique instances in a clustered load-balancing configuration, your password manager can allow for redundancy, load distribution, and scalability.
Choosing the safest password management security software
For MSPs looking for a password manager to help support their own business as well as their customers’ businesses, consider SolarWinds® Passportal. Passportal is an award-winning password management tool that includes the security features listed above and can be trusted to help keep your MSP safe. Passportal services are hosted from Australia, Canada, Germany, the United States, and the United Kingdom.
Passportal employs a minimum of three unique instances in a clustered load-balancing configuration, allowing for redundancy and scalability—and it maintains independent databases in each region. Passportal features robust change management processes and is scanned regularly for weaknesses, with external penetration tests conducted annually by reputable security providers.
Despite its advanced level of security, Passportal is also easy to use. It was designed specifically for MSPs, with features reflecting the unique requirements of MSPs and their customers. Passportal also offers IT documentation software, which provides privileged client document management capabilities.
With the encrypted password vault, controlled by role-based permissions and MFA, you’re given control over who accesses your data and how. This tool helps you and your customers follow MSP best practices, advising you on what to document and how. This can also streamline your technicians’ work by helping them expedite problems and standardize delivery of service. To top it off, Passportal is a cross-platform tool that you can access from multiple devices, making it great for MSPs who want to use it as a team. Request a demo of Passportal today.
- Benefits of Password Management
- Do We Go Overboard with Security?
- MSPs: Increase Security with the Passportal Integration for ConnectWise Control
SolarWinds® adds Passportal suite to its MSP product portfolio. MSP security, simplified. SolarWinds® Passportal + Documentation Manager is a SOC 2 certified, RAPID 7 tested, award winning platform.
Grow your business faster with the world's first unified platform for true password management and secure IT documentation. More than 2,000 best-in-class MSPs around the world are leveraging our security, automation, and rapid access client knowledge to out preform the competition.