4 Problems with Password Managers Today
Sep 13, 2022
The four primary problems of password managers causing low adoption and other failures to achieve the desired security outcome are discussed below.
Passwords are literally the keys to the kingdom when it comes to the Internet, and they are oftentimes the primary target for cyberattacks. With the right stolen password, a criminal can steal millions of dollars, confidential data, or just wreak havoc in an organization. In some cases, it could mean life or death when the target is a hospital, a utility, or infrastructure system.
The proliferation of SaaS has only made the problem of securing passwords even harder. Most people are unable to remember all the logins and passwords they need for the apps they use for their job. So many people use password managers, which are sometimes mandated by the company. The purpose of the company-provided password manager is to ensure that all the SaaS accounts being used by the employee are recorded and IT can secure or take control of the SaaS account when needed, for example to resolve a breach or when the employee leaves the company.
Most companies use an SSO product to secure and monitor usage for their core SaaS applications. An average company often has 200 or more SaaS apps being used, and the large majority of these are not governed by the SSO product. One of the main reasons is licensing costs, or what is known as the SSO tax. To enable SSO integration many SaaS apps require a license upgrade that is often 3X or more than the normal user license. The cost to add it to SSO could easily run into the tens of thousands of dollars. As a result, companies only add the core SaaS apps or those that are widely used in a company and pose a high risk. SSO is not the right solution to govern access to the hundreds of SaaS apps used in a company.
For the hundreds of apps not in SSO, many companies deploy an additional product. Password manager products provide secure vaults that can help employees store and manage their passwords. They have features that help users generate secure passwords, log in more quickly, and share credentials securely. However, adoption tends to be low, often estimated to be in the 20% range, and users often do not follow secure password best practices. A low adoption rate means the cost per user license for password managers is 5X higher than what companies may think they are paying. The four primary problems of password managers causing low adoption and other failures to achieve the desired security outcome are further discussed below.
Using a password manager is voluntary, and so most people end up not putting their passwords in them. They may also have a product that they already use for their personal passwords and prefer to have their work passwords in the one they already use for convenience. The voluntary nature of password managers means adoption rates will remain low.
Password managers allow users to determine the password that they want to use for an app. They all have password generators that can create secure passwords automatically. However, most users will create their own password because it is more convenient. When an employee defines the password, they have full access to the app from unmanaged devices. A very real and important risk is that when an employee leaves the company, they take the password, hence the access to the SaaS app, with them.
Related to the previous two problems, the actual passwords the employee uses may not meet the standards officially set by the company’s password policy. This often means that passwords are weaker than what company policy dictates and reused across multiple apps. Other than being stored in the password manager, the company has no way to enforce compliance with password policies.
One of the best practices in password hygiene is to rotate passwords. Third party breaches happen regularly, so rotating passwords is an effective way to mitigate any passwords that may have been stolen. The problem is that this is a manual process. Most employees use 20 to 30 apps, and if they must reset them on a monthly or quarterly basis, it becomes a burdensome task that most employees will never complete.
Grip has overcome the four primary problems of password managers. The Grip Access product works as part of the SaaS security control plane to help companies manage and govern employee SaaS logins and passwords that are not available from any other identity or access management product.
When a company deploys Grip Access, using it for SaaS app password management becomes mandatory. Grip can detect whether an employee has created a SaaS account. If that password is not stored in Grip Access, the employee is prompted to add it. If they do not comply, Grip will lock the account until the account is added.
Unlike legacy password managers, Grip Access requires the user to create a secure password that complies with the company’s policies. The employee does not know and is not able to access the actual password itself, meaning they can never be phished for passwords stored in Grip Access.
With mandatory enrollment and system-generated passwords, companies can finally enforce compliance with password policies. When employees are out of compliance, Grip Access prompts the user to reset their password to comply. Non-compliance results in a locked SaaS account, which always prompts the employee to comply.
Grip Access has built-in automation that automatically rotates the passwords on a regular basis. Whether the employee has one password or hundreds, Grip Access can rotate the passwords automatically. This removes the number one reason why employees do not regularly rotate passwords, because it is a seamless user experience, and they will not even know that it has occurred.
Grip Access works as a simple browser plugin and works with the Grip SaaS Security Control Plane to provide a password manager solution that finally achieves the security outcomes the industry seeks. Contact us for a personal demo.