Beware of Password Managers

April 23rd, 2021 | security & compliance

In an attempt to understand where users typically store their passwords, we recently asked today’s technology leaders about the current habits of their employees.

Of those surveyed, 59 percent store passwords in their browser’s password manager, while 12 percent keep their passwords on a sticky note, and 7 percent store them on their phones/devices.

But none of these storage methods are advisable.

While sticky notes and personal devices may be convenient and readily available in an office setting, they are extremely easy to steal. And while a high number of respondents rely on their browser’s password manager, this is also an unsafe method of password storage.

A password manager, also called a password vault, is a program that stores usernames and passwords for multiple applications in a secure location and in an encrypted format. Users access the password vault via a single username and password, and the password vault provides a password for the website they are trying to access.

When organizations begin to implement stricter password requirements, they often start with password managers. For example, an organization might require that passwords be changed frequently, use random characters, or be longer. Since these more complex passwords are difficult to remember, some organizations purchase a password manager that employees can use to store passwords in an encrypted, relatively secure environment.

But most organizations quickly outgrow password managers. For one thing, password managers introduce a new problem: employees must add password management to their list of tasks. Password managers also don’t solve the problem of app proliferation, and they still require users to waste time logging into each app.

Instead, many organizations turn to Single Sign-On (SSO). This is a secure solution that provides employees access to company apps and websites by asking them to sign in just once a day, using one username and password. When you sign in to a website through Facebook or Google, you’re using a type of SSO. In a business setting, employees usually have access to their company’s apps through SSO as an identity and access management (IAM) solution that uses the company’s directory, such as Microsoft Active Directory, Azure Active Directory, or a directory provided by the SSO solution.

In general, SSO is considered far more secure and easier to use than password managers. As part of an IAM solution, SSO eliminates the need for employees to maintain multiple passwords, easing the burden on users. It also reduces the frequency of logins and the number of credentials stored, which shrinks the attack surface available to cybercriminals. Now that’s a clear win-win for any organization.

Check out the other pieces in our World Password Day series!

Part 1: Solving the Password Problem with MFA

Part 2: Improve Cybersecurity with Passwordless Authentication

About the Author

As the Senior Manager of Content Marketing at OneLogin, Lucie Lawrence focuses on developing useful and useable content. Lucie’s master’s degree in journalism and PhD in human communication studies have taught her the magic of storytelling and the importance of crafting information in interesting and compelling ways.
