Even with advances in security practices and technologies, passwords remain a weak point in an organization's cybersecurity strategy. Strong passwords are still an essential part of the security strategy of most organizations, and poor password hygiene can leave their IT network vulnerable.
According to the 2021 Verizon Data Breach Investigations Report, shared credentials and poor access management practices were among the top causes of data breaches worldwide.
But the simple fact is that maintaining passwords is hard. According to studies, the average person has around 100 passwords (if you're not convinced, just look at the passwords your browser has saved for you), and this number only goes higher for network managers and other IT professionals.
This is where password managers become useful.
Why do network engineers need password managers?
In very simple terms, network engineers need password managers because the stakes are higher. Imagine a bad actor stealing the credentials of an average non-technical person. Now multiply the consequences by ten, or by a hundred.
Network managers handle IT for organizations of anywhere from 20 members upwards, with no upper limit. They are responsible for maintaining the IT network and ensuring that employees get sustained, quality IT services. To do this, they have to keep the IT network secure, defend it against potential threats, and protect the organization's IT assets.
They'll have tools for monitoring the IT network, remotely accessing and troubleshooting employees' devices, updating the assets' firmware, pushing security patches, and more. In simple terms, they hold the keys to the castle that protects the organization.
And there are lots of keys.
And when it comes to maintaining these keys (passwords), network managers are responsible for choosing complex, lengthy, hard-to-guess passwords containing multiple numbers and special characters. To use our earlier castle analogy, they cannot use just one key to keep the entire castle safe; they may need hundreds. And for good password hygiene, network managers have to change them regularly.
Of course, network managers (and other IT professionals) cannot just write down these passwords in a ledger or use a notes app to keep them safe.
It's simply not humanly possible to keep all these different passwords in your head (if you can, that would be the best solution), and that is why you need a password manager. With a password manager, you can use long, complicated passwords and change them regularly without having to memorize them. You just have to remember one master password.
What to look for in a password manager
Here are a few factors that make a good password manager:
Encryption: This is the bare minimum feature any password manager should have, and it is why you can't just store your passwords in a Word file and call it a day. Password managers usually come with 256-bit AES encryption, and you'll need a master password to access all your passwords. You should ensure that not even your vendor can access your passwords if you store them in the cloud.
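To make the "not even your vendor" property concrete, here is an added example (not code from the article or from any product) of the scheme behind it: the only key to the vault is derived from the master password with a password-based KDF, and what a sync server stores is just the authenticated ciphertext. It assumes PBKDF2-HMAC-SHA256 (implemented on the Go standard library so it has no dependencies) and AES-256-GCM; real products pick their own KDF, salt and iteration counts.

```go
package main

// Added example, not from the article or any vendor: a minimal zero-knowledge
// vault. Assumptions: PBKDF2-HMAC-SHA256 as the KDF and AES-256-GCM as the cipher.

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// pbkdf2SHA256 implements RFC 8018 PBKDF2 with HMAC-SHA256 as the PRF.
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hashLen := prf.Size()
	out := make([]byte, 0, keyLen+hashLen)
	idx := make([]byte, 4)
	for block := 1; len(out) < keyLen; block++ {
		// U1 = PRF(password, salt || INT_32_BE(block))
		prf.Reset()
		prf.Write(salt)
		binary.BigEndian.PutUint32(idx, uint32(block))
		prf.Write(idx)
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		// U2..Uc = PRF(password, U(n-1)); T = U1 xor U2 xor ... xor Uc
		for n := 2; n <= iterations; n++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for i := range t {
				t[i] ^= u[i]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// DeriveKey turns the master password into a 256-bit AES key. The salt is
// stored next to the vault in the clear; the master password never is.
func DeriveKey(master string, salt []byte, iterations int) []byte {
	return pbkdf2SHA256([]byte(master), salt, iterations, 32)
}

// EncryptVault seals the serialized vault with AES-256-GCM and returns
// nonce || ciphertext || tag; this blob is all a sync server ever sees.
func EncryptVault(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptVault reverses EncryptVault; a wrong key or a tampered blob fails
// the GCM tag check instead of returning garbage.
func DecryptVault(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("vault blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	salt := []byte("constructed-per-vault-salt") // constructed; real vaults use a random salt
	key := DeriveKey("correct horse battery staple", salt, 100000)
	vault := []byte(`{"core-switch-01":"S3cr3t!Pa55"}`) // constructed sample entry
	blob, err := EncryptVault(key, vault)
	if err != nil {
		panic(err)
	}
	fmt.Println("stored blob:", hex.EncodeToString(blob))
	if _, err := DecryptVault(DeriveKey("wrong password", salt, 100000), blob); err != nil {
		fmt.Println("wrong master password:", err)
	}
}
```

The design point is in what the server holds: a salt, an iteration count and a blob. Without the master password there is no key to derive, and because the mode is authenticated (GCM), a guessed key or a modified blob is rejected rather than silently producing wrong data.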
Multifactor authentication: For additional security, you should not rely only on a master password to keep your password manager secure. Some password managers work with 2FA apps that generate a token to verify your identity, and you can even use biometrics instead.
Cloud sync: Some password managers are designed to work solely on one device. If you want to go all-in on security, you can use one of these and keep that one device completely offline. But this will not be easy to use: you'll have to carry this one device with you all the time and type in the passwords manually every time you want to access a service or a device, and if you have a secure password manager, it will be overkill. It's best to go with a solution that can sync either to a cloud provider or to its own cloud.
Autofill, multi-platform support, and easy export: These are not security matters, but they make a password manager more user-friendly. When you have lengthy passwords with numbers and special characters, you don't want to type them manually every time you log in. Most password managers offer an autofill feature, which means you don't have to type in the password, or even copy-paste it.
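The "token" a 2FA app generates is usually a TOTP code. The following is an added example (not from the article or any vendor) of that computation, RFC 6238 TOTP built on RFC 4226 HOTP, so you can see that the app holds a long-lived seed and why that seed deserves the same protection as a password (and why an exported backup of "2FA seeds", as the Reddit comment below mentions, must itself be encrypted). It assumes the common defaults: HMAC-SHA1, six digits, 30-second steps.

```go
package main

// Added example, not code from the article or any authenticator app.
// Assumptions: HMAC-SHA1, 6 digits, 30-second time steps.

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"strings"
	"time"
)

// SeedFromBase32 decodes a seed as shown on a setup page or in a QR code
// (base32, case-insensitive, padding optional).
func SeedFromBase32(s string) ([]byte, error) {
	s = strings.ToUpper(strings.ReplaceAll(s, " ", ""))
	s = strings.TrimRight(s, "=")
	return base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(s)
}

// HOTP computes the RFC 4226 code for one counter value.
func HOTP(secret []byte, counter uint64, digits int) string {
	msg := make([]byte, 8)
	binary.BigEndian.PutUint64(msg, counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg)
	h := mac.Sum(nil)
	// Dynamic truncation: the low nibble of the last byte selects a 4-byte window.
	offset := h[len(h)-1] & 0x0f
	code := (uint32(h[offset])&0x7f)<<24 |
		uint32(h[offset+1])<<16 |
		uint32(h[offset+2])<<8 |
		uint32(h[offset+3])
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// TOTP is HOTP with the counter replaced by the number of whole time steps since the Unix epoch.
func TOTP(secret []byte, unixTime int64, step int64, digits int) string {
	return HOTP(secret, uint64(unixTime/step), digits)
}

// VerifyTOTP accepts a code from the current step or up to `window` steps either
// side, comparing in constant time. A real verifier also records the last accepted
// counter so a code cannot be replayed inside its window (not shown here).
func VerifyTOTP(secret []byte, code string, unixTime int64, step int64, digits, window int) bool {
	counter := unixTime / step
	ok := false
	for delta := -int64(window); delta <= int64(window); delta++ {
		c := counter + delta
		if c < 0 {
			continue
		}
		expected := HOTP(secret, uint64(c), digits)
		if subtle.ConstantTimeCompare([]byte(expected), []byte(code)) == 1 {
			ok = true // keep looping so timing does not reveal which step matched
		}
	}
	return ok
}

func main() {
	// Constructed seed: the RFC 6238 test secret "12345678901234567890" in base32.
	seed, err := SeedFromBase32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
	if err != nil {
		panic(err)
	}
	now := time.Now().Unix()
	code := TOTP(seed, now, 30, 6)
	fmt.Println("current code:", code, "valid:", VerifyTOTP(seed, code, now, 30, 6, 1))
}
```

Note that the code changes every 30 seconds but the seed never does: anyone holding the seed can produce every future code, which is the reason password managers that store 2FA seeds alongside passwords must encrypt both under the same vault key.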
With multi-platform support, you can easily access your passwords on your phone, your laptop, or other devices. You can also recover the passwords in case your password manager is discontinued. Reddit user malikto44 explains this: “……That way, I can fire up a VM, dump all the passwords into a text file, GPG encrypt it, and purge the VM every so often for a backup. This way, should the PW manager stop being supported or corrupt sync entries, I still can recover both passwords and 2FA seeds.”
And by exporting your passwords to other formats, like plain text, CSV, or JSON, you can import them into other, offline devices and use them there.
Multi-user features: Beyond your own use, it may be a good idea to implement password managers throughout the organization, or at least within your team. Enterprise password managers have multi-user features with which you can manage access, set standards for passwords, and receive alerts in case of suspicious login attempts.
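The "standards for passwords" an enterprise plan lets you set, and the complex, lengthy passwords the article asks network managers to choose, come down to a policy check plus a generator that draws from a cryptographically secure source. Here is an added example of both (not code from the article or any product); the policy values, forbidden words and sample passwords are constructed for illustration.

```go
package main

// Added example, not from the article or any vendor: a password standard of the
// kind an admin enforces, and a generator that meets it using crypto/rand.
// The policy values below are constructed assumptions, not any product's defaults.

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math"
	"math/big"
	"strings"
	"unicode"
)

const (
	lower   = "abcdefghijklmnopqrstuvwxyz"
	upper   = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	digits  = "0123456789"
	special = "!@#$%^&*()-_=+[]{};:,.?/"
)

// Policy is the standard every stored password must meet.
type Policy struct {
	MinLength  int
	RequireAll bool     // need lower, upper, digit and special characters
	Forbidden  []string // substrings that must not appear (org name, "password", ...)
}

// CheckPolicy returns every rule the password violates; empty means compliant.
// Anything that is not a letter or digit (space, punctuation) counts as special.
func CheckPolicy(pw string, p Policy) []string {
	var problems []string
	if len([]rune(pw)) < p.MinLength {
		problems = append(problems, fmt.Sprintf("shorter than %d characters", p.MinLength))
	}
	if p.RequireAll {
		hasLower, hasUpper, hasDigit, hasSpecial := false, false, false, false
		for _, r := range pw {
			switch {
			case unicode.IsLower(r):
				hasLower = true
			case unicode.IsUpper(r):
				hasUpper = true
			case unicode.IsDigit(r):
				hasDigit = true
			default:
				hasSpecial = true
			}
		}
		if !hasLower || !hasUpper || !hasDigit || !hasSpecial {
			problems = append(problems, "must mix lower, upper, digits and special characters")
		}
	}
	low := strings.ToLower(pw)
	for _, f := range p.Forbidden {
		if strings.Contains(low, strings.ToLower(f)) {
			problems = append(problems, "contains forbidden word "+f)
		}
	}
	return problems
}

// EntropyBits is the strength of a password chosen uniformly at random from an
// alphabet of `alphabet` symbols; it does not apply to human-chosen passwords.
func EntropyBits(length, alphabet int) float64 {
	return float64(length) * math.Log2(float64(alphabet))
}

// GeneratePassword draws each character from crypto/rand (never math/rand for
// secrets) and retries until the result satisfies the policy.
func GeneratePassword(length int, p Policy) (string, error) {
	alphabet := lower + upper + digits + special
	for attempt := 0; attempt < 100; attempt++ {
		var b strings.Builder
		for i := 0; i < length; i++ {
			n, err := rand.Int(rand.Reader, big.NewInt(int64(len(alphabet))))
			if err != nil {
				return "", err
			}
			b.WriteByte(alphabet[n.Int64()])
		}
		if pw := b.String(); len(CheckPolicy(pw, p)) == 0 {
			return pw, nil
		}
	}
	return "", errors.New("could not satisfy policy; check its parameters")
}

func main() {
	policy := Policy{MinLength: 16, RequireAll: true, Forbidden: []string{"password", "acme"}}
	fmt.Println("violations for 'Acme2021!':", CheckPolicy("Acme2021!", policy))
	pw, err := GeneratePassword(20, policy)
	if err != nil {
		panic(err)
	}
	fmt.Printf("generated: %s (%.1f bits)\n", pw, EntropyBits(20, len(lower+upper+digits+special)))
}
```

The retry loop is deliberate: rejecting non-compliant draws keeps every character uniformly random, whereas forcing one character from each class into fixed positions would reduce the search space.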
Customer support: Most password managers offer some level of support, but since your work may affect the entire organization, email support alone may not cut it. Make sure you get 24/7 phone or live-chat support from your vendor.
What to look out for while choosing a password manager
While a password manager may have all the features we want, it's also important to look at the drawbacks it may have before choosing one. Whether you're using it just for yourself or implementing it for a team, migrating to a new one later won't be easy, and these factors will help you avoid that.
Free plan limitations: Plenty of password managers offer a free version of their solution, and in some limited scenarios this may be enough. But some of them may not offer sync between devices or may limit the number of passwords you can save. So it's important to check the features they offer on the free plan if you decide to go with it.
Another key factor is that most password managers won't offer multi-user support on their free plans. This may be fine to an extent, but if you ever decide to scale up and roll out the password manager to your entire organization, it's important that the paid plans have the management features you want and fit within your budget. Switching to a different vendor later may be complicated.
Vendor history: This is a bit complicated to figure out. Obviously, you don’t want to work with a vendor who has suffered breaches in recent history. But you’ll also want to look into their customer relations, their security policies, and any recent news related to their products or the company.
For example, Myki, a popular password manager, was recently acquired and decided to discontinue most of its products. This means organizations that were using it will have to migrate to new solutions. Another popular password manager, LastPass, made changes to its free plan: free users can sync only between devices of the same type, so it won't let you sync between mobile and laptop.
User interface: This may be a minor aspect for personal use, but if you're making password managers a part of your organization's cybersecurity strategy, it may play a role in adoption rates. If it's not easy to use, employees may revert to simple passwords or other unhygienic password practices.
Features like auto-fill, biometric authentication, and a clear user interface will improve the user experience and encourage employees to use them. Ideally, the password manager should fit right into the workflow and shouldn’t feel like an extra task.
Here are some of the best password managers available
Bitwarden is one of the leading password managers that network engineers use. It’s open-source, end-to-end AES 256-bit encrypted, and they don’t play around with security. Bitwarden has a bug bounty program and they conduct annual security audits with a third party.
They offer free plans for individual use and for a two-person team (a friend or partner); the free plan offers sync across unlimited devices and device types and supports browsers, mobile apps, and desktop apps.
They offer 2FA on all of their plans, but you get enhanced 2FA options like YubiKey on the premium plans. The paid plans also come with priority support.
KeePass is a completely free and open-source password manager. The KeePass website doesn't give the best impression, and neither does its interface. The open-source community appears to have focused more on function than form. Since the solution is a bit technical, it may not be ideal for the average user, and support comes mostly from community forums. And while you can use it on multiple platforms, it was designed for Windows systems.
That said, KeePass is feature-rich, supports multiple users, and even comes with a portable version which you can carry with you and just plug in and use without installation.
Thycotic offers a range of products for managing passwords and access. They allow secure and controlled access to the organization’s IT, helping you manage access and password sharing as people leave and join projects and the organization. Reddit user cryptsyryus uses Thycotic Secret Server for password management; according to them: “it can do WAY more than just store your secrets like PIM, Password Rotations for Network Gear and AD service accounts.”
Thycotic solutions are designed for enterprise IT management and integrate seamlessly with your IT workflow and processes. They have a range of free IT tools with which you can assess and manage your organization’s security tools. They also offer a range of support options and free trials on some solutions.
1Password is a popular password manager and comes with a range of security features. Admins can integrate 1Password with their existing workplace solutions, customize access controls, and create guest accounts as needed. The solution comes with custom reporting features that let you monitor threats and identify breaches. It supports all the major browsers and has apps for iOS, Android, Windows, Linux, and macOS. 1Password uses a master password to secure your passwords on your device and a secret key to secure them in the cloud.
In case you find any difficulties, 1Password has a detailed knowledge base as well as email and Twitter support and VIP support for their business plans. They also offer a free trial on their plans for you to test out the products before you commit.
RoboForm is a popular and feature-rich password manager. It comes with apps for Android, iOS, Mac, Windows, and popular browsers, supports multifactor authentication, and uses AES-256 encryption.
In case you face any difficulty, RoboForm has a detailed knowledge base and 24/7/365 online support. The solution also has a password generator that helps you create strong passwords instantly. For personal use, two-factor authentication and sync across your devices are only supported on the paid plan. For business use, they offer yearly subscriptions, but you can try it out on a 14-day all-access free trial for up to 30 users.
Codebook is a popular password manager that comes with a simple one-time payment per platform. It's available for Android, iOS, Windows, and Mac, uses 256-bit AES encryption, and is completely open-source. They also offer an enterprise version with a wide range of customization. It may be one of the oldest password managers in existence, first designed in 1998.
The password manager is offline by default, but you can sync across multiple devices over Wi-Fi or the cloud. The solution also lets you import or export your passwords, and comes with two-factor authentication support and a password generator.
Frequently asked questions
What is a password manager?
A password manager is software used to store passwords securely. You save all your passwords in it, and the password manager encrypts them with a master key. To access your passwords, you enter your master password.
What features should a network engineer look for in a password manager?
Network managers should look for the highest security standards when choosing a password manager. The password manager should support multi-factor authentication, sync across devices, and come with comprehensive access control features. The vendor should have strong security and privacy practices and a good history, without breaches or other issues.
For ease of use, the password manager must be supported across multiple devices, should have a good UI, and must autofill passwords.