Password managers are tools that provide users and businesses the ability to track, store, protect, share and manage passwords for applications and online services.
Password management solutions are crucial to keeping users safe and secure as they surf the web. As cyberattackers increasingly infiltrate corporate networks, it is important that businesses take the necessary steps to ensure that company accounts are secure. Sixty percent of respondents to the Ponemon Institute’s Cybersecurity in the Remote Work Era: A Global Risk Report, commissioned by Keeper Security in 2020, reported that their organizations had experienced a cyberattack in the previous 12 months. Further, according to Verizon’s 2021 Data Breach Investigations Report, stolen or compromised passwords are responsible for 81% of successful data breaches.
Security is not the only reason for organizations to deploy a password manager. It’s extremely difficult for employees to keep track of the many login credentials that they use to do their jobs, which harms organizational productivity. Password managers virtually eliminate the need for employees to file help desk tickets for password resets.
How Do Password Managers Work?
Web-based password managers, such as solutions from Keeper Security, LastPass and 1Password, store passwords in a secure, cloud-based digital vault. This allows users to access passwords from anywhere, using any device. Users can access their password vaults through the password manager’s web application or by downloading the desktop app, browser extension or mobile app.
Does this mean the provider has access to its users’ passwords? No! Password managers like Keeper use zero-trust and zero-knowledge security. This means that passwords are encrypted on the user’s device before they are sent to the cloud server, which prevents the password management company – and threat actors – from accessing them. You are always in complete control of your master password and the encryption keys that are used to encrypt and decrypt your information. Keeper cannot access your information because all encryption keys are generated on your devices — not in our infrastructure.
Why Should Your Business Use a Password Manager?
As the pandemic forced everyone to shift their work, shopping, education, and leisure activities online, many people continued engaging in poor password habits, such as reusing passwords across accounts. Not surprisingly, cyberattacks involving usernames and passwords increased 450% over 2019—resulting in more than one billion compromised records in the United States alone, according to the 2021 ForgeRock Consumer Identity Breach Report.
Data breaches involving customer details, employee addresses and other private information can create legal trouble for businesses. ForgeRock estimates that over the past three years, more than 11 billion consumer records have been exposed.
Global Password Management Market Spikes as Organizations Seek to Prevent Data Breaches
With cyberattacks becoming more frequent, organizations must take steps to protect their data, and they are increasingly turning to password managers. Grandview Research expects the global password management market to experience a compound annual growth rate of 19.4% and reach $2,056.3 million by 2025.
Sectors that are using password managers include banking, financial services and insurance (BFSI), public sector and utilities, education, manufacturing, healthcare, retail and wholesale distribution, and telecom and IT. The ForgeRock report notes that the healthcare industry accounted for 34% of all breaches in 2020, with financial services in second place (12% of all breaches), followed by education (8%).
How Strong Are Your Employees’ Passwords?
Are your employees using unique passwords for every account, or are they simply reusing minor variations of the same base password? Are your employees’ passwords complex, meaning that they contain a mixture of uppercase letters, lowercase letters, numbers, and symbols, or are their passwords all lower case with just one special symbol?
It’s extremely difficult for humans to remember multiple passwords, which is why so many people resort to poor password habits. According to the Workplace Password Malpractice Report, commissioned by Keeper, people often use the same strategies when creating passwords:
- Over one-third (37%) of respondents have used their employer’s name in a work-related password.
- Over one-third (34%) have used their significant other’s name or birthday.
- Nearly one-third (31%) have used their child’s name or birthday.
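A local audit for the habits listed above, as an added example that is not part of the original article or of any product: it groups passwords that are minor variations of one base, flags passwords built on a known personal or employer token, and reports missing character classes. The vault entries, the employer name "acme" and the normalisation rules are constructed assumptions.

```javascript
// Added illustration: audit decrypted vault entries on the user's own device.
// Heuristic only; entries, tokens and substitution table are constructed.
const LEET = { '0': 'o', '1': 'l', '3': 'e', '4': 'a', '5': 's', '7': 't', '@': 'a', '$': 's', '!': 'i' };

// Reduce a password to its base: lowercase, drop the trailing digits/symbols
// people append ("2021!"), then undo common character substitutions.
function basePassword(password) {
  const trimmed = password.toLowerCase().replace(/[^a-z]+$/, '');
  return trimmed.replace(/[013457@$!]/g, (ch) => LEET[ch]).replace(/[^a-z]/g, '');
}

// Which of the four character classes does the password lack?
function missingClasses(password) {
  const classes = { upper: /[A-Z]/, lower: /[a-z]/, digit: /[0-9]/, symbol: /[^A-Za-z0-9]/ };
  return Object.keys(classes).filter((name) => !classes[name].test(password));
}

function auditVault(entries, personalTokens) {
  const groups = new Map();
  const personalHits = [];
  const weak = [];
  for (const { account, password } of entries) {
    const base = basePassword(password);
    if (base.length >= 4) { // ignore bases too short to compare meaningfully
      if (!groups.has(base)) groups.set(base, []);
      groups.get(base).push(account);
    }
    for (const token of personalTokens) {
      if (base.includes(token.toLowerCase())) personalHits.push({ account, token });
    }
    const missing = missingClasses(password);
    if (missing.length > 0) weak.push({ account, missing });
  }
  // Accounts sharing one base password are variations of each other.
  const variants = [...groups.values()].filter((accounts) => accounts.length > 1);
  return { variants, personalHits, weak };
}

// Constructed sample vault.
const sampleVault = [
  { account: 'crm', password: 'Summer2021!' },
  { account: 'payroll', password: 'Summer2022#' },
  { account: 'wiki', password: '5ummer!' },
  { account: 'hr-portal', password: 'AcmeCorp#7' },
  { account: 'vpn', password: 'q7#Vt2!mLx9&Rw4z' },
  { account: 'mail', password: 'sunshine!' },
];
const findings = auditVault(sampleVault, ['acme']);
```
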
Password managers have an automatic password generator function, which creates strong, unique passwords and automatically saves them to the user’s digital vault. Users are no longer required to memorize their passwords, and the passwords are difficult for cyberattackers to guess. When a password manager is paired with single sign-on (SSO), it’s even easier for users; they can access multiple applications with a single ID.
Increased Protection Against Phishing and Identity Theft
Many people fall victim to phishing sites and emails. Phishing is when an attacker sends a fake message to trick a person into revealing private information or deploying malware on their machine.
According to IBM research, phishing was the most common infection vector for financial services companies, leading to 46% of attacks against this sector in 2021. Following in second place, with 31% of attacks, was vulnerability exploitation. Other observed infection vectors included brute force, password spraying and VPN access.
Password management software can prevent users from falling prey to phishing schemes. When a user visits a website for which they have previously created an account and stored the credentials in their password vault, the password manager will display an icon in the browser bar (see image below). This icon indicates that the user has stored account information for this website in their password vault. Conversely, if a user clicks on a link in a phishing email and is directed to a scam site, the password manager does not recognize the URL, and the icon does not appear. This is a red flag for the user, indicating that they are not visiting the site they thought they were.
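The matching behaviour described above, as an added example that is not code from the article or from any product: saved credentials are offered only when the page's origin exactly equals the stored one. The vault entries and URLs are constructed, and the "suspicious" heuristic is an assumption; real products may apply different matching rules.

```javascript
// Added illustration: exact-origin matching before showing the icon or autofilling.
// Constructed vault entries using reserved .test names.
const savedLogins = [
  { origin: 'https://login.examplebank.test', username: 'alice' },
  { origin: 'https://mail.example.test', username: 'alice@example.test' },
];

// Parse the page URL and accept it only when it is served over HTTPS.
function parseHttps(pageUrl) {
  try {
    const url = new URL(pageUrl);
    return url.protocol === 'https:' ? url : null;
  } catch {
    return null; // not a valid URL
  }
}

// Saved logins for this page, or [] when nothing matches (no icon, no autofill).
// Origin comparison covers scheme, full hostname and port together.
function credentialsFor(pageUrl, entries) {
  const page = parseHttps(pageUrl);
  if (!page) return [];
  return entries.filter((entry) => new URL(entry.origin).origin === page.origin);
}

// 'match'      : origin equals a saved origin
// 'suspicious' : no match, but the host embeds a saved hostname or has a punycode label
// 'unknown'    : no saved login relates to this page
function classifyPage(pageUrl, entries) {
  if (credentialsFor(pageUrl, entries).length > 0) return 'match';
  let host;
  try {
    host = new URL(pageUrl).hostname;
  } catch {
    return 'unknown';
  }
  const embedsSavedHost = entries.some((entry) => host.includes(new URL(entry.origin).hostname));
  const hasPunycodeLabel = host.split('.').some((label) => label.startsWith('xn--'));
  return embedsSavedHost || hasPunycodeLabel ? 'suspicious' : 'unknown';
}

// Constructed page URLs: the real site, a look-alike host, and a plain-HTTP copy.
const samplePages = [
  'https://login.examplebank.test/signin?next=%2Fhome',
  'https://login.examplebank.test.account-verify.test/signin',
  'http://login.examplebank.test/signin',
];
const sampleVerdicts = samplePages.map((page) => classifyPage(page, savedLogins));
```
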
Password Managers Save Time
Under certain circumstances, multiple employees may need to share access to one account. However, poor password management can cause confusion and result in locked or suspended accounts.
A password manager tool ensures that employees can share account credentials easily and securely, without having to memorize the shared passwords or write them down. The shared passwords are stored in a shared folder, which all authorized employees are given access to.
What Happens If You Don’t Use a Password Management Tool?
Not using a password manager puts your passwords and accounts at risk of being breached by cybercriminals. For example, if a device is infected with keylogging malware, cyberattackers can record all passwords that users type out. Because password managers autofill user login information, there is no key pattern to be recorded.
- 66% of respondents reported a data breach in the past year.
- 69% experienced an attack that got past their intrusion detection system.
- 70% of SMBs report that their employees’ passwords have been lost or stolen in the past year.
What to Look for in a Tool to Manage Passwords
Password managers help businesses prevent data breaches and accompanying financial losses. However, with so many options on the market, it’s easy to feel overwhelmed when evaluating password managers. Let’s break down some of the key features to look for.
Customization & Flexibility
Is the password manager most suitable for an individual user, a small business, or a large enterprise? Prospective users should consider which features they need. Good password managers offer different packages tailored to individual users, families, and businesses of different sizes.
- Personal and family plans: Ideal for individual users and families who are looking for extra online protection.
- Business and enterprise plans: Designed for companies that require accounts for individual employees, plus a control panel where IT administrators can enable and disable accounts, monitor employee password use, run reports, and perform other administrative functions.
Password manager features and benefits can vary widely between vendors. While some features are included in the basic package, others are typically add-ons that incur an additional cost. Common add-ons include:
- Dark web monitoring: Notifies users if their account credentials have been found on the dark web.
- Secure messaging: Hyper-secure enterprise messaging that eliminates the risks associated with data leakage and unencrypted communications.
- Concierge service: 24/7 expert customer service and support.
Multi-Factor Authentication (MFA) Support
For an extra level of security, ensure that the password manager supports multi-factor authentication. When MFA is enabled, users are granted access to a website or application only after successfully providing two or more pieces of evidence to prove that they are who they claim to be. For example, in addition to providing a password, the user may be required to:
- Provide a security code from an email, text message or app.
- Answer security questions.
- Pass a fingerprint or facial recognition scan.
Reading online customer reviews can help businesses find a reputable password manager. For reviews of some of the most popular password management solutions, take a look at Gartner’s reviews on enterprise password managers.
Other methods to help find a credible password manager include:
- Running a penetration test: This is essentially when someone places themselves in the position of an attacker and uses similar hacking software to test the network against attacks.
- Consuming unbiased reviews: Some companies provide affiliate links to influencers and brands in order to “review” their services. These reviews can be biased as a way for the influencer to get a commission. When doing research, keep a lookout for reviewers offering a discount code.
- Reviewing editorial listicles: Tech reviewers associated with a magazine or media platform may be required to follow editorial guidelines and methodologies to produce objective results.
Best Practices for Password Protection
Password managers include a password generator feature, which enables them to automatically create strong, unique passwords for their users. It’s best to always use a password generator, but sometimes, people want or need to create their own passwords – such as when choosing their master password to access their password manager. Follow these tips to create passwords that will be hard for cybercriminals to guess.
1. Don’t Reuse Passwords
Keeper’s Workplace Password Malpractice Report found that 44% of respondents have reused passwords across personal and work-related accounts. If the employee’s personal account is breached, cybercriminals can use the same password to breach their work accounts.
2. Create Complex Passwords
As a way to increase security, sites often require passwords to contain a random combination of lowercase letters, uppercase letters, numbers, and special characters, with no dictionary words. Length also contributes to a password’s complexity. Passwords should be at least 8 characters long, and preferably longer.
An easy trick is to use a passphrase instead of a password. Think about random personal life experiences that can create unique sentences, then use the first character of each word to create your passphrase. For example, “My first apartment was at 2630 Hegal Place #42 Alexandria VA 23242” results in the password “Mfawa2630HP#42AV23242.” This password is strong, unique and almost impossible for an attacker to guess – but it’s also easy for you to remember, because you only need to memorize the sentence.
3. Enable Multi-Factor Authentication
Enabling MFA wherever it’s supported ensures that even if a cybercriminal manages to get hold of one of your passwords, it will be useless to them without the additional authentication factor.
How Businesses Can Leverage Password Managers to Enforce Security Best Practices
Business- and enterprise-grade password managers contain administrative features that enable organizations to monitor employee password use and enforce security best practices, including:
- Using strong, unique passwords for every account.
- Not sharing passwords with unauthorized parties.
- Enabling MFA wherever it’s supported.
- Least-privilege access and role-based access control (RBAC).
What Is Keeper Security?
Keeper Security is a password manager that enables individuals, families, and public and private-sector organizations of all sizes to store, generate and manage their passwords for local applications and online services. Keeper prevents data breaches, ransomware, and other password-related attacks by creating high-strength, random passwords for each website, application and service, and storing them in an encrypted digital vault.
In this video, Craig Lurey, CTO and co-founder of Keeper Security, explains how Keeper Enterprise can protect your team.
Benefits of Using Keeper as Your Password Manager
From generating strong passwords to dark web scanning, Keeper offers a variety of solutions for both individual users and businesses.
- Businesses and Enterprises. From small start-ups to multinational corporations, Keeper offers packages for companies of all sizes. Request a demo or quote to see what works for your business.
- Personal and Family. Perfect for the social media savvy, everyday internet user who struggles to remember all of their online passwords. Start a free trial to test it out for yourself.
Keeper also offers discounted rates for students, healthcare workers and members of the military. Just be sure to provide verification during checkout.
Protection from the Dark Web
BreachWatch, Keeper’s dark web monitoring tool, scans users’ Keeper Vaults for passwords that have been exposed on the dark web. If it finds a match, BreachWatch will immediately notify the user so that they can change the compromised password.
Easy and Secure Messaging Chat
KeeperChat is a hyper-secure, enterprise messaging solution that eliminates the risks associated with unencrypted messaging. Those working in industries such as healthcare, law, government, finance or any other fields that require strict confidentiality can benefit from KeeperChat.
How to Use Keeper Password Manager
Keeper maintains a wealth of online resources to help IT administrators get the most out of their Keeper deployment.
Keeper’s Quick Start for Small Business Teams is a guide dedicated to teaching admins the inner workings of Keeper’s business subscription service. There, admins can learn how to adjust employee teams and statuses, restrict access, share passwords securely within a team and more.
Keep Your Business Safe with Keeper Security
Keeper offers a variety of packages to fit the needs of any organization. With features including KeeperChat, BreachWatch, KeeperFill and more, business owners, managers and stakeholders can rest assured that employee passwords and company information are secure.
Have more questions about pricing and products? Get in touch with a member of the Keeper team for more information.
Summary: Key Takeaways and Useful Resources
What is a password manager? And why use one?
A password manager is a tool that gives its users the ability to track, store, protect, share and manage passwords for applications and online services. With 70% of SMBs reporting that their employees’ passwords have been lost or stolen in the past year, it’s imperative for organizations to implement cybersecurity tools and best practices to protect themselves from password-related cyberattacks.
Individuals interested in improving their team’s password security should check out The Quick Start for Small Business Teams to learn more.
What should I look for when evaluating password managers?
When evaluating password managers, look for solutions that are flexible and customizable, support multifactor authentication and have undergone ISO 27001 and SOC 2 audits. These three focus areas will help you find a password manager that works for you and your business.
Why should Keeper be your password management solution?
Keeper is an all-in-one solution for securing your business’ passwords and other sensitive company information. In addition to our top-rated password management platform, we offer the following business solutions:
- BreachWatch — a dark web monitoring solution that will notify users if their information is found on online cybercrime marketplaces.
- Keeper Connection Manager — an agentless remote desktop solution, ideal for companies with remote or hybrid workforces.
- Secrets Manager — a cloud-based, zero-knowledge platform designed to protect IT infrastructure secrets, such as SSH keys, firmware passwords, and privileged credentials.
Looking for more information on Keeper? Take a look at our resource center and see why businesses should choose Keeper.
Frequently Asked Questions
Are password managers safe to use?
Yes, password managers are safe, effective security tools that greatly decrease the risk of data breaches, ransomware, and other password-related cyberattacks.
According to research conducted by Security.org, roughly one-third of Americans had their identity or online credentials stolen in the past year – and only 10% were using a password manager at the time.
Can password managers be hacked?
Yes, password managers can be hacked, and some, such as LastPass, have been hacked in the past.
Look for a zero-knowledge password manager, like Keeper. Because Keeper uses zero-knowledge encryption, customer passwords and other information stored in user vaults are encrypted on the device level before being sent to Keeper’s servers. This means that Keeper’s servers never store user passwords or other data in plaintext, only encrypted ciphertext. In the unlikely event that Keeper is ever hacked, threat actors will only be able to retrieve the ciphertext – which is worthless to them.
Additionally, look for password manager companies that maintain current SOC 2 or ISO 27001 audits, and preferably both. You’ll find this information on the password management provider’s website.
How to use a password manager
Users face a learning curve with any new software. A good password management tool has a user-friendly interface.
Depending on the password manager, the setup process may vary. However, most providers use a process similar to the one below:
- Visit the vendor’s website for links to install the browser extension, desktop app or mobile app.
- Create an account and a strong master password.
- Once logged in, explore the password vault and familiarize yourself with its settings and functions.
The master password is the one password users must memorize, since it gives users access to their digital vault. The digital vault allows users to add, edit and manage private information.
Password management tools like Keeper offer extensive user documentation and resources to help users get the most out of their password manager. If the user documentation doesn’t answer your question, reach out to the support team.
What happens if I forget my master password?
If you forget your master password, you may get locked out of your account. Depending on your password manager, there could be the option to reset your account. However, this may not be possible for all password management tools, since the purpose of having a master password is to ensure that it is a single password that is only known to the primary user. This level of security is meant to prevent others from getting access to a user’s vault.
If you get locked out of your vault, expect to reset all of your online passwords. This is why it is vital that once you create your master password, you remember to add a hint that is ambiguous to others, but helpful enough for you to understand.
What’s the difference between a free password manager and a premium one?
Free password managers typically do not include the same features and benefits as a premium account. For example, password managers that offer a free plan don’t support biometric data, such as fingerprint or face ID. Other common premium password manager features include:
- Dark web monitoring — a feature that notifies the user if any account credentials have appeared on dark web cybercrime forums.
- Single sign-on (SSO) — a feature that gives multiple users access to applications with only one set of login credentials.
- Team management and sharing — a feature that allows administrators to share passwords with groups of users and edit team members’ roles and access levels.
What is the best free password manager?
Most password managers offer a free basic package for individual users. Typically, free password managers offer barebones features such as the ability to save passwords in a vault, generate strong passwords and autofill forms.
Since free password manager features differ only very slightly from vendor to vendor, which is the “best” comes down to individual user preferences. Keep in mind, however, that free password managers are significantly limited compared to premium options. For example, most of them allow users to access their vault on only one device.
For IT managers seeking a security solution to protect their companies, password managers like Keeper provide services designed specifically for businesses. Our business subscription plans offer features such as dark web monitoring, role-based access control, multifactor authentication support, integration with Keeper Secrets Manager and Keeper Connection Manager and more.
Focusing on customer experience alone, Keeper is trusted by millions of people and enjoys high rankings across multiple review sites.
If you are interested in a secure, all-in-one password management solution and want to see how we stack up to the competition, take a look at each comparison page below:
For more information on how Keeper can protect your business, request a demo from a member of our team.