Software can secure and manage employees’ login credentials
By Maria Korolov
Several companies offer business-friendly versions of password management software tools, and work with all major browsers and mobile devices.
Product: Dashlane Premium
Price: $39.99 per user per year
Summary: The New York City-based company offers many business-friendly administrative tools, such as emergency contacts and automatic syncing of password changes to team members. Multifactor options include authentication with Google Authenticator and with the fingerprint scanner on iOS devices.
Keeper Security Inc.
Product: Keeper Enterprise
Price: $750 per year, plus $48 per user per year
Summary: The Chicago-based company has a central administration console to control password employee access to systems. Integrates with a variety of mobile management software platforms. Multifactor options include iPhone biometrics.
Product: LastPass Enterprise
Price: Starts at $24 per user per year, and prices drop for more than 100 users
Summary: LastPass in Fairfax, Va., had a data breach in June, but no actual passwords were lost. Its system collects logs, generates compliance reports and integrates single sign-on for cloud apps. Unlimited shared folders can be created with custom permissions, and administrators also can grant users the privilege to create shared folders. The company partners with a variety of multifactor authentication and one-time password providers, including Toopher, Yubico and Duo Security.
Product: LogmeOnce Enterprise Edition
Price: $24 per user per year
Summary: The McLean, Va., company’s system supports fingerprint authentication, many two-factor options, both single sign-on and single logoff, and management features such as user access controls. Conducts a variety of compliance-related reporting, as well as application and cloud-services use reports. Allows users to share passwords secretly.
Syber Systems Inc.
Product: RoboForm Enterprise
Price: $40 per year plus 20 percent maintenance fee. Integration services, local synchronization servers extra.
Summary: The Fairfax, Va., company offers one-time password authentication for devices, with device management. Good at handling application passwords. Allows users to share passwords, but doesn’t hide the actual passwords themselves. Multifactor options include email and text-message authentication.
Despite the many news reports and employee security training that warn against doing so, one thing as sure as death and taxes is that computer users will use the simplest, easiest-to-remember password they can get away with. Even company employees are tempted to do so.
According to Dashlane Inc., a password management software company in New York City, a typical computer user has 130 online accounts to keep track of. However exaggerated that estimate might be, it’s clear people are becoming increasingly challenged to create and remember all of their passwords, especially the most complex but highly secure ones.
Unfortunately, stolen credentials are the most common attack that hackers attempt, according to the latest Verizon Data Breach Investigations Report. And, of course, hackers who obtain any one set of credentials routinely try that same password on other accounts, points out Jerry Irvine, an executive with the software security firm Prescient Solutions LLC in Chicago.
Because a bank employee’s work email address also typically includes the name of the bank where he or she works, Irvine adds, a hacker could use that information along with lax password use to breach a company’s security walls. And password theft is just one dimension of the problem. An average 100-employee company loses $42,000 per year in productivity addressing forgotten passwords, according to a 2014 survey by security firm Centrify Corp. in Santa Clara, Calif.
Large enterprises typically deploy centralized single sign-on solutions that require expensive and time-consuming integration with corporate applications and may not support mobile access or online logins. Such enterprisewide, single sign-on password protocols available to community banks reduce the number of passwords their employees need to remember, but they often don’t address the problem of various online accounts most employees use. They also can be too expensive and difficult to implement.
Various password manager software systems have been developed to help address these problems. Residing on an end user’s computer to protect both internal and external login credentials, these systems have been developed to save all of a user’s logins and passwords in a single secure, encrypted vault.
They work by sitting on employee desktops and mobile devices, noticing whenever the user logs into anything from a local application to a website. They remember the login and password and then automatically fill them in for the user later. Individuals passwords can be long and complicated because the user only has to remember the one password he or she needs to sign in through the password manager.
Originally designed to address the needs of everyday consumers, password manager systems typically include considerable management-friendly functionality and controls. They are fast and easy to install. They are low-cost and designed to be Web- and mobile-friendly right from the start, and they are becoming easier to use all the time.
Yet these systems also are typically functional enough for many community banks. According to Irvine, the most suitable password management systems for banks should support two-factor authentication, provide compliance reports and offer employee directory integration that stores passwords in a secure location. In addition, if such software should support both work-related and personal passwords, those should be kept in two separate locations on a network, he says.
RoboForm, for example, one of the oldest password management systems, allows its bank customers to either store passwords locally or in secure cloud storage. Like most password management software, the system works in the background. It offers to remember passwords when users log into applications and websites the first time, then automatically fills in the forms later. It also can generate long, complicated passwords.
A two-factor option uses email or text message as a confirmation step. Most password management software systems offer two-factor authentication, using everything from USB tokens to smartphone fingerprint scanners. They also can keep track of the systems that each employee logs into.
Maria Korolov is a technology writer in Massachusetts.