8 Features To Look For When Choosing A Password Management Solution
We put together a list of valuable password manager features you should consider prioritizing in your search for the perfect solution.
Passwords remain, even today, the frontline of data protection and the most basic form of IT security. We use passwords to confirm our identity and gain access to a vast range of different applications and accounts, from vital high-value corporate accounts to personal applications.
Passwords are unavoidable in today’s digital world, so users need to be wary of the risks associated with poor password management. According to Verizon, one-third of malware breaches are caused by password dumper malware, so poor hygiene practices like using weak passwords or reusing passwords across multiple accounts are a risk we cannot afford to take.
One of the most effective tools to minimize the risk without placing unrealistic expectations on users to memorize multiple complex passwords is a password manager.
What Is A Password Manager?
A password manager is an application or program which allows users to safely store and manage their passwords and other login information within a secure, encrypted vault. Many password managers will also let you store other sensitive information such as phone numbers, addresses, secure notes and credit card numbers.
Access to a password manager is typically unlocked via a master password, but often there will be a secondary authentication measure in place, for example a one-time passcode sent to your phone or biometric data like a fingerprint or facial scan. The main advantages for businesses and individuals using a password manager are the improvements to online safety and the convenience of removing the need to manually memorize complex passwords across countless sites.
Password managers are not all the same as they are often designed with specific needs in mind, although they do all serve the same core function—facilitating password management. The three most common types of password managers are:
- Desktop: This is one of the oldest and most popular types of password manager application and works by encrypting and storing passwords directly on the user’s machine. However, while this does work to keep credentials secured and limit potential for breaches, these products are limited in that they can only be used on a single machine, which makes them a poor choice for those using multiple computers and mobile devices.
- Cloud-based: This type of password manager lives in the cloud and so lets you access your credentials from any device, regardless of network or location. This increased availability of the passwords is convenient and easy to use for your day-to-day needs but does have the drawback of leaving security solely in the hands of the provider, which leaves users open to potential breaches.
- Single sign-on: In corporate settings this type of password manager is the one most commonly used. Single sign-on password managers let you use a single password for all web services and applications, conveniently removing the need to use multiple different credentials. SSO relies on passing tokens to the site or app to request authentication.
Features To Look For In A Password Manager
As password managers have grown in prevalence, the market for password managers has also—predictably—grown considerably, with the Password Management Market expected to expand at a CAGR of 15.87% over the forecast period 2022 – 2027.
This means that there are now a lot of options available with a wide and varied range of offerings and capabilities, so shopping around for the right password manager may be overwhelming if you are not sure what to look for.
First, you should consider your specific needs so you can be certain any password manager you choose is fulfilling them adequately. Then make sure that whatever solution you are considering includes the following useful features:
End-To-End Encryption
One of the most important things to consider when searching for the right password manager is the solution's security features. Given that you will have all of your account credentials stored together, including those that unlock important platforms like your bank, it is worth ensuring that any password manager you consider leveraging has adequate protocols in place to ensure data is kept secure.
Included in this is of course advanced encryption, which is a must-have, as the core function of a password manager is to secure your data. End-to-end encryption is sometimes also referred to as zero-knowledge architecture, since it allows providers to store customers' data in a way that is both highly secured and offers zero transparency to anyone other than the user themselves. Without end-to-end encryption, data simply will not be as secure as it should be.
End-to-end encryption makes data indecipherable, both at rest and in transit, and the platform will only decrypt this data when the unique authentication key is provided by the user. With secure encryption in place, even the solution's provider is unable to access your passwords; instead, the platform simply stores your encrypted and secure data, so your passwords are safe even if the provider is hacked.
Multi-Factor Authentication
Multi-Factor Authentication (MFA) is a common feature of password managers, which exists to support security by adding an extra layer of protection in front of your credentials, like adding an additional lock to your front door.
With MFA you are required to log in using not just the master password, but also a secondary method of authentication. This might be a one-time passcode sent to your phone or a notification through the app that you must confirm to gain access.
Secure Password Generator
This is an excellent tool that any password manager you choose should offer. You lose many of the benefits of using a password manager if the passwords you end up using are weak and easy to hack, so ensuring you are using strong, lengthy, and complex (i.e., with various letters, characters, and numbers) passwords is very important. But with so many accounts to manage, people are finding it difficult to craft these complicated, hard-to-break passwords, which is what makes password generators so useful.
Most password managers today come equipped with in-built password generators that can be customized by users, letting you adjust the length of a generated password and specify whether it should include special characters, numbers, lowercase and uppercase letters. These generated passwords can then be saved into the application to be used later on or copied and pasted onto a web page.
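A sketch of how such a customizable generator can work, added here as an illustration and not taken from any particular product: the function names, the symbol set and the default length are assumptions. It draws from the operating system's cryptographic random source and guarantees at least one character from every enabled class.

```python
import math
import secrets
import string

# Character classes a user can toggle; the symbol set is an assumption.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?",
}

def generate_password(length=20, lower=True, upper=True, digits=True, symbols=True):
    """Return a random password with at least one character from each enabled class."""
    flags = {"lower": lower, "upper": upper, "digits": digits, "symbols": symbols}
    enabled = [CLASSES[name] for name, on in flags.items() if on]
    if not enabled:
        raise ValueError("enable at least one character class")
    if length < len(enabled):
        raise ValueError("length is too short to include every enabled class")
    pool = "".join(enabled)
    # One guaranteed character per enabled class, the rest from the full pool.
    chars = [secrets.choice(cls) for cls in enabled]
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    # Shuffle with the CSPRNG so guaranteed characters are not always first.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def pool_entropy_bits(length, pool_size):
    """Upper bound on entropy: length * log2(pool size)."""
    return length * math.log2(pool_size)

if __name__ == "__main__":
    print(generate_password())                      # all classes, 20 characters
    print(generate_password(12, symbols=False))     # letters and digits only
    print(round(pool_entropy_bits(20, sum(map(len, CLASSES.values())))), "bits")
```

The entropy figure shows why length matters more than any single character class: each extra character adds the full log2 of the pool size, while enabling one more class only widens the pool slightly.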
Autofill
Autofill, as implied by the name, is when the password manager automatically fills in online information forms with the appropriate information, such as names, numbers, usernames, passwords etc. Password autofill is convenient as it removes the need to manually type out or copy and paste usernames and passwords to access your accounts, and automatically completes the forms you encounter online, saving time and reducing the window for errors.
Form fill profiles are typically available on mobile and desktop and can be found in the navigation bar. If you have a password manager browser extension installed, it may automatically ask if you would like to create a profile based on forms you have completed already while browsing.
Role-Based Permissions
Another password manager feature that is particularly useful for businesses is the ability to control access to certain high-profile passwords. Passwords can easily become a serious security risk in the wrong hands, so having all of your organization’s passwords secured in one location which a large number of people have easy access to is leaving the door open for a potential breach. People can act carelessly or maliciously and before you know it hackers have gained access to your most sensitive and valuable accounts.
With role-based permissions administrators have the option to place limitations on who can access certain passwords, ensuring that the only employees with access are those who use these passwords to fulfill their role. By reducing the number of people who can access certain passwords you also have the added benefit of making the platform less cluttered and making it simpler to navigate.
Password Security Score
The best password managers will also diagnose your digital security by evaluating your passwords for you and then scoring them based on how robust they are. This score takes into account a few different factors, including how frequently you have used the same passcode, your password’s length, which characters were used, whether you included numbers, if upper and lower-case letters are used, how recently the password was updated etc.
Once your passwords have been evaluated and scored you will have better insights into which accounts need a refresh; how many of your accounts are reusing passwords or using very weak passwords? Some password managers will also reveal your relative standing compared to other users and some, including LastPass, incentivize users to compare their security score with friends by inviting them to take the security challenge and compare scores.
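To make the scoring factors concrete, here is an added example (not any vendor's actual algorithm) that scores a small constructed vault on length, character variety, age and reuse. The weights, the one-year age cutoff and the refresh threshold of 60 are all illustrative assumptions.

```python
from collections import Counter
from datetime import date

def score_password(password, reuse_count, last_changed, today):
    """Score one password from 0 to 100 (weights are illustrative assumptions)."""
    score = min(len(password), 16) / 16 * 40          # length: up to 40 points
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    score += classes * 10                             # variety: up to 40 points
    if (today - last_changed).days <= 365:
        score += 20                                   # updated within the last year
    score -= 25 * (reuse_count - 1)                   # penalty per extra account sharing it
    return max(0, round(score))

def audit_vault(entries, today):
    """Return {site: score}; reuse is counted across the whole vault."""
    reuse = Counter(e["password"] for e in entries)
    return {e["site"]: score_password(e["password"], reuse[e["password"]],
                                      e["changed"], today) for e in entries}

def needs_refresh(report, threshold=60):
    """Sites scoring below the threshold, weakest first."""
    return sorted((s for s, v in report.items() if v < threshold), key=report.get)

# Constructed sample vault; sites, passwords and dates are made up for illustration.
VAULT = [
    {"site": "bank.example", "password": "T7#qL9!vRz2@wXe4", "changed": date(2024, 3, 1)},
    {"site": "mail.example", "password": "summer2019", "changed": date(2019, 6, 1)},
    {"site": "shop.example", "password": "summer2019", "changed": date(2023, 11, 15)},
]
TODAY = date(2024, 6, 1)

if __name__ == "__main__":
    report = audit_vault(VAULT, TODAY)
    print(report)
    print("overall:", round(sum(report.values()) / len(report)))
    print("refresh:", needs_refresh(report))
```

Note that the reused password drags down both accounts that share it, even the one that was changed recently.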
Secure Password Sharing
The ability to securely share passwords is an important password manager feature, especially for medium to large sized organizations with shifting roles which require employees to be granted short term access to a digital service in order to carry out their day’s tasks. With password sharing users can safely share passwords and credentials over secure channels, effectively negating the security risks of sharing these important logins over less secure avenues such as SMS, emails and messenger applications.
The top password managers on the market typically include this useful feature as a built-in tool, allowing users to share passwords and other sensitive information easily and safely from within the application itself. Some providers even offer zero-knowledge password sharing, facilitating the sharing of passwords in an encrypted form. This means a password can be shared but not viewed, so those granted one-time access will not be able to save that password for future use.
Recovery
The convenience of the password manager comes from negating the need to remember dozens or hundreds of different complex passwords, and instead securing them behind one access point which is unlocked by a master password (plus any additional authentication methods used in conjunction with the master password).
This master password is the primary key to your encrypted vault and is very important. But this key can be lost, and if that happens it is vital to have a recovery option in place to avoid losing access to your vault data. There isn’t a standard approach to this as different password managers will do things their own way, so be sure to look into what recovery options a password manager you are considering offers and how it works before making your decision.
Summary
There are a lot of password managers on the market today which may or may not suit your specific needs. While the search for the ideal solution may feel overwhelming, narrowing down your options based on whether or not they offer certain highly useful features could simplify the process.
The eight features discussed above may not be the only features you require, but if your organization is considering investing in a password manager these features make up a good baseline for the capabilities you should expect your chosen solution to include.
For our top choices for password managers, check out our buyer's guide on The Top 10 Password Managers For Business.