Beware of Password Managers
We asked technology leaders about users' current habits in storing their passwords: 59% of these users answered that they store passwords in their browser’s password manager, 12% keep their passwords on a sticky note, and 7% store them on their phones/devices.
None of these storage methods is advisable; all of them are unsafe ways to store user credentials.
A password manager, or password vault, is a program that stores passwords for multiple applications in an encrypted format in a secure location. A vault can be accessed with a single username and password, and once accessed it holds all the login credentials for the applications or websites the user is trying to access.
Organizations began to implement password managers so that employees could store their passwords in an encrypted and relatively secure environment. But password managers, although “encrypted” and “relatively secure” as they are designed to be, aren’t perfect. Also, not everybody likes the idea of storing their passwords in a single location, because if the password manager is compromised, hackers can potentially gain access to all of the user’s accounts. Password managers also don’t solve the problem of app proliferation, and they still require users to waste time logging in to each application.
Instead, many organizations turn to Single Sign-On (SSO). This is a secure solution that provides employees access to company apps and websites by asking them to sign in just once a day, using one username and password. When you sign in to a website through Facebook or Google, you’re using a type of SSO. In a business setting, employees usually have access to their company’s apps through SSO as an identity and access management (IAM) solution that uses the company’s directory, such as Microsoft Active Directory, Azure Active Directory, or a directory provided by the SSO solution.
In general, SSO is considered way more secure and easier to use than password managers. As part of an Identity and Access Management Solution, SSO eliminates the need for employees to maintain multiple passwords, easing the burden on users. It also reduces the frequency of logins and the number of credentials stored, reducing the attack potential for cybercriminals. Now that is a clear win-win for any organization!