Password managers are critical pieces of technology that allow you to improve your organization’s security without increasing the burden on your IT staff. Password managers make it easy to autofill credentials across accounts and devices, meaning that every account can be protected with a secure and complex password.
There are three main types of password manager, each with their own philosophies on how to keep your passwords safe and how to improve your security. These are browser-based, cloud-based, and desktop-based solutions, and one of the biggest differences between them is where they store your passwords, how much flexibility they offer in terms of deployment, integrations, and password storage, and how much security they offer.
In this article we’ll explore the pros and cons of the different password managers, looking at browser-based, cloud-based, and desktop-based solutions. This will arm you with the information you need to choose the right solution for your workplace. For a comprehensive list of password managers, you can read the following article:
Browser-Based Password Managers
Many internet browsers, like Safari and Chrome, offer built-in password managers that can automatically save and auto-fill your details when you need to log in to online accounts. While this type of password manager is secure, it’s seen as the minimum level of password security. The other types of password managers can add significant levels of security on top of these native capabilities.
Pros Of Browser-Based Password Managers
Most browsers have these capabilities built in. This makes them very easy to use, with browsers often prompting you to save passwords, without the need to configure security policies.
This type of password manager is free. As they are part of the browser, you do not need to pay any additional subscription to add this capability.
Cons Of Browser-Based Password Managers
Some browser-based password managers have limited features. Yes, they do the job of storing and auto-filling passwords, but there are many other elements that can help to make passwords more secure.
Some browser-based password managers lack the ability to generate secure passwords with a complex mixture of numbers, letters, and special characters. Those that can generate new passwords tend to lack the customization controls of dedicated password managers, such as being able to set a policy for password length.
There tends to be limited management functionalities and no reporting on password security organization-wide, making them more suitable for a consumer use case.
They often don’t require users to create a “master key” to access their vault; instead, they rely on the base layer of authentication that they use to log in to their device at the start of a session. This means that there’s no need for the user to remember a master key, but it also relies on the user locking their device when not in use for passwords to be secured.
Finally, as these tools are integrated within a specific browser, they have limited cross-browser or application support. They work well so long as you are using the browser. You would need another password manager to cover your applications, or any other browsers that you use.
These password managers are a great starting place and very easy to use. As they are an integral part of many browsers, you probably use one without being aware of it. That being said, those users who want increased flexibility to share passwords across applications or implement more stringent security should look to a more complex tool.
Cloud-based Password Managers
Cloud-based password managers are usually downloaded and managed through an application on your mobile or desktop. The important thing with this kind of manager is that the passwords themselves are stored in the cloud. This protects them against attacks on your device and can provide more flexibility, allowing users to access the passwords from multiple devices.
Pros Of Cloud-Based Password Managers
This type of manager is very easy to use. As the passwords are not limited to a browser or device, you can auto-fill your credentials on multiple devices and applications.
Cloud-based backup means that it is highly unlikely that your passwords will be lost if there is an outage. As long as you have an internet connection, you will be able to access your passwords.
The security settings used to protect your passwords by the provider can be much more stringent and complex than any that you could apply yourself. Through using AES-256, for example, it is virtually impossible to carry out a brute force attack.
They also often offer additional security features such as a built-in VPN, secure password sharing capabilities, and dark web scanning that tells users if their password has been compromised.
Advanced management capabilities (in-depth reporting on password health and hygiene, easy onboarding, and off-boarding, etc.).
Cons Of Cloud-Based Password Managers
As indicated in the “Pros” section, you need an internet connection to use your passwords. While this is not always a Con, it is worth keeping in mind.
Also mentioned in the previous section, you are not in control of your password security. While there is little need to doubt the security precautions taken by your provider, you do have less control than if you were to store your passwords yourself.
For password managers that can also store sensitive notes and data, it is worth considering if you are happy for this data to be stored by a third-party. While providers cannot access or view your data, they are still in control of it.
Cloud-based password mangers are very easy to use and allow you to autofill passwords across applications and devices. They deliver a high level of security, ensuring your passwords are secure and safe. That being said, you lose some degree of control and configuration over how your passwords are managed when using cloud-based managers.
Desktop-based Password Manager
Desktop-based password managers store your data on your device. This means that they can be very secure as the data is not shared with a third-party. However, this form is only as secure as the device and user is. If your device is susceptible to attack, your passwords could be compromised too.
Pros Of Desktop-Based Password Managers
By limiting the movement of your data, you limit the opportunities for an attacker to access it. This makes desktop-based password managers a great option for individuals and organizations that want to implement a high level of security. You have a much higher level of control over your passwords, meaning you can add the security protocols that match your specifications and needs.
As your data is stored on your device, you do not need to have internet access to use your passwords. This may make this type of solution better for specific industries where internet access is unreliable, such as fieldwork. That being said, many applications need internet access to work, meaning that storing passwords locally may not actually increase productivity.
Cons Of Desktop-Based Password Managers
This method is not the most flexible. As data is stored locally on your device, it cannot be shared between devices to foster seamless productivity. These platforms often allow some features to share passwords, though this capability moves away from local storage, increasing risk.
As you have much more control over your security, anything you don’t do won’t be done. This is particularly relevant with regard to backups. You must carry out regular manual backups, or schedule them to be automated, to ensure that you do not lose all of your passwords in a data loss event.
Desktop based password managers can deliver robust and effective password management. The degree of security is dependent on how secure your desktop is. In putting the onus on you to secure your users’ passwords, you are able to implement as many complex features as you need. For some organizations, however, this may be a limitation.
For more information about desktop based password managers, you can read our list of the top on-premise password managers here.
There is a range of password managers available on the market today. Each has its own strengths and weaknesses, making it better suited to a specific use-case. On-premises solutions, for example, can be more secure, but are less flexible. Cloud-based solutions can be very flexible, though you have less control over the details of how your passwords are stored.
When choosing a password manager, it is worth considering the “must have” features for your organization. Do you want the highest level of security? Or do you want flexibility that allows you to work across multiple devices?
Once you’ve made these decisions, you can compare the best solutions on the market with the help of our guide to business password managers: