Friday, April 16, 2021

Password managers: everything you need to know

Everything you need to consider when implementing a password manager for your organisation.

What is a password manager?

If passwords are keys, a password manager is the keyring that helps you to manage all your keys to ensure your accounts are kept safe. It helps you to organise them and label them to make sure they are in one place, easy to find and that you are in control of them.

Above all, it removes the need to remember all of them: one master password to access the password manager is all you need to remember to keep your passwords safe and at hand.

Types of password managers

What password manager should you use?

The right password manager is the one that works for you, whether it’s as a person, or as an organisation. You need to trust it, and it needs to work with your setup.

You may already have a free basic password manager available on your device or browser, for example Google’s Password manager or Apple’s KeyChain. Or you may prefer to install a password manager with cloud features for businesses, such as Bitwarden, Lastpass or Dashlane.

You can narrow down options by asking yourself:

- Are you comfortable with your passwords being stored (encrypted) in the cloud, or do you prefer to store them on your device?

N.B. Storing passwords in the cloud makes it easy to share across devices but relies on trusting the password manager to secure your data when in transit and when stored in the cloud.

- Does the password manager work across all of the devices you use?

- Do you need business features?

E.g. user management, single sign-on, etc.

- Do you want to use an open source or proprietary solution?

N.B. With open source, you have the means to know exactly how your data is stored, secured and processed (and you can rely on the community to have scrutinised it and fixed any issues). In contrast, with a proprietary solution, you have to rely on that company's word on how they secure and manage the data - but one could equally argue that protecting your code makes it harder for adversaries to find bugs!

The table below summarises the key password managers available on the market and their features:

| Name | For an Individual (per month) | For a Business (per user per month) | Password stored in | Works on | License |
| --- | --- | --- | --- | --- | --- |
| Bitwarden | From $0/m | From $0/m (2 users) | (on premise option) | Android, iOS, Linux, macOS, Windows | OpenSource |
| Lastpass | From $0/m (1 device type) | From $2.6/m | Cloud | Android, iOS, Linux, macOS, Windows | Proprietary |
| Dashlane | From $0/m (1 device) | From $5/m | Cloud | Android, iOS, macOS, Windows | Proprietary |
| PasswordSafe | Free | | Device | Android, iOS, Windows | OpenSource |
| Enpass | From £1.62/m | | Device (Cloud option) | Android, iOS, Linux, macOS, Windows | Proprietary |
| MyKi | Free | From $3.99/m (min 5 users) | (devices can sync) | Android, iOS, Linux, macOS, Windows | Proprietary |
| 1Password | From $2.99/m | From $3.99/m | Cloud | Android, iOS, Linux, macOS, Windows | Proprietary |
| Keeper | From £2.49/m | From £3.33/m | Cloud | Android, iOS, Linux, macOS, Windows | Proprietary |
| NordPass | From £0/m (1 device at a time) | From £3.59/m | Cloud | Android, iOS, Linux, macOS, Windows | Proprietary |
| RoboForm | From $0/m (without 2FA) | From £3.33/m | Cloud | Android, iOS, Linux, macOS, Windows | Proprietary |
| Google Password manager | Free | | Cloud | Android, Chrome | Proprietary |
| KeyChain | Free | | Device (Cloud option) | iOS, macOS | OpenSource |

Data valid as of 16 April 2021

Can I trust a password manager?

Password managers store your passwords in a secure way, so that if your device or cloud data were to be compromised, your passwords would still be protected. This is because of the way they have been built. Firstly, most password managers use an algorithm that relies on your master password to decrypt each individual password. Furthermore, in many cases, a second form of authentication is required to access the password manager, adding an additional layer of security. Finally, most password managers will also help generate safe and secure passwords that are hard to crack. Sharing your passwords with a third-party application is a matter of trust, but it is arguably safer to trust a renowned password manager than to write down your passwords, save them in a file on your computer or reuse the same one (or variations of it).

We suggest that you compare the individual features of each password manager to determine what suits you or your organisation best. On top of this, we also highly recommend that you activate and enforce 2FA (Two-Factor Authentication, also referred to as Multi-Factor Authentication (MFA)) on your emails and key accounts. 2FA gives you an additional layer of protection by requiring two distinct forms of identification in order to access any of your accounts. For example, you log in to your emails by typing in your password as well as entering a code that is sent to your phone via text. One strong master password linked to a password manager is a good protection measure, but given that you typically grant password managers access to a lot of your confidential data, we suggest you also enforce 2FA on your key accounts in order to maximise protection. Our cybersecurity portal comes with a tutorial that shows how to implement 2FA for your emails centrally.

Should my organisation choose a single password manager for everyone?

Some of the password managers listed in our table have business features. By using the same password manager across your organisation you can benefit from functionalities dedicated to businesses such as:

- Centrally manage access to the password manager

- Securely share passwords and secrets that are associated with shared accounts

Keeping passwords safe with Bewica's help

Regardless of whether you decide to use a password manager for your organisation or not, our portal contributes to maintaining strong and secure passwords in your organisation in a number of ways:

1. Helping you implement a strong password policy through our IT Policy generator which follows best practice and is included in our subscriptions. A strong password policy gives guidance to your team to enforce the use of strong passwords which are more resistant to hacking attempts.

2. Helping you generate strong passwords through the strong password generator included in our subscriptions. The password generator automatically checks against a database of known breaches, reducing the chances of you using a password that is already in a breach.

3. Sending you notifications of data breaches that impact your staff members' email addresses. Our dark web monitoring service included in Level 2 of our portal (Advanced Security) alerts you if any of your team members' passwords have been compromised in public data breaches. If any of them have been compromised, instructions can be sent to your staff members from our portal, advising them of what to do.

4. Helping you implement 2FA centrally for emails. Our subscriptions include a tutorial on how to implement 2FA for your emails centrally, which is also a requirement to obtain the Digitally Aware certificate.
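
The generate-then-screen step described in item 2 above, as an added example that is not Bewica's code: the page does not say how the portal performs its breach check, so this sketch assumes a hash-prefix lookup (the k-anonymity model used by the Pwned Passwords range API) run against a small constructed sample held in memory. All function names, the character set and the sample passwords are made up for illustration.

```python
import hashlib
import secrets
import string

# Constructed sample standing in for a real breach corpus (assumption).
BREACHED_SAMPLE = ["password", "123456", "qwerty", "letmein", "Summer2021!"]
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"
REQUIRED_CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits)


def sha1_hex(password: str) -> str:
    # SHA-1 is used only as a lookup key into the breach set, not to store secrets.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Map each 5-character hash prefix to the set of matching 35-character suffixes."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


def is_breached(password: str, index) -> bool:
    """Only the prefix selects the bucket; the suffix comparison happens locally."""
    digest = sha1_hex(password)
    return digest[5:] in index.get(digest[:5], set())


def generate_password(index, length: int = 20, max_tries: int = 100) -> str:
    """Draw from the OS CSPRNG, then reject weakly mixed or breached candidates."""
    if length < 12:
        raise ValueError("refusing to generate a password shorter than 12 characters")
    for _ in range(max_tries):
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not all(any(c in cls for c in candidate) for cls in REQUIRED_CLASSES):
            continue  # missing a lowercase letter, uppercase letter or digit
        if not is_breached(candidate, index):
            return candidate
    raise RuntimeError("no acceptable password found")


if __name__ == "__main__":
    idx = build_range_index(BREACHED_SAMPLE)
    print(is_breached("Summer2021!", idx), generate_password(idx))
```

With a remote breach service in place of the in-memory index, only the five-character prefix would leave the machine, so neither the candidate password nor its full hash is disclosed to the service.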

Start protecting your accounts with secure passwords by creating a free account here.

Jean-Martin Zarate