Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.
Passwords are a security weak link, but these products help shield passwords from attackers
We looked at six products: Kaspersky Pure, LastPass Enterprise, Lieberman Enterprise Random Password Manager, Agilebits 1Password, RoboForm Enterprise, and TrendMicro DirectPass. All use a master password vault to store information in encrypted form. And (except TrendMicro) can generate a complex password and insert it into the login process so users don't have to try to come up with something on their own.
LastPass Enterprise offers excellent price/performance and boasts strong management features. LastPass also has the widest desktop and mobile platform support of any of the products we tested. This is the policy screen:
The LastPass notification system includes many canned messages that can easily be customized. LastPass also has a separate management console. LastPass is free for the individual user, so IT managers can easily check it out and see how it works. Once you are ready to upgrade to the enterprise version, you can start a free two-week trial, after which it will cost you $24 per user per year.
Lieberman Enterprise Random Password Manager
Lieberman has the best features for local server password management, and the Lieberman tool was the only one in our tests that worked flawlessly. Here is Lieberman’s main dashboard.
Lieberman Enterprise Random Password Manager
ERPM handles passwords on Windows, IIS, SQL Server and Oracle database accounts, SharePoint, Directory Services, Linux and other major platforms, both physical and virtual servers. It works with configuration management repositories such as CA, IBM and BMC's CMDB software and with system management tools such as Microsoft System Center, HP Operations Center and Arcsight.
Kaspersky’s Pure offers a basic password manager as part of a larger suite that includes other security tools. The downside is that it is Windows only, which means you can’t sync your vault with non-Windows devices.
Pure has modules that improve browser security, and this is probably more of a reason to purchase it than just for password protection and management. For example, the SafeMoney module sets up protected browser sessions for online banking and ecommerce sites, and another module can securely erase your browser history or analyze your Internet Explorer settings. Pure also supports a wide variety of browsers.
1Password is a consumer-focused product that allows you to store more than just passwords in your vault. 1Password has numerous security options, including the ability to automatically lock the vault after inactivity or when the screensaver comes on.
One of the biggest advantages with 1Password is that it has an extensive collection of things that it can protect inside its vault, including credit card numbers, text notes, and software license information, along with the login identities. Everything in the vault can be accessed on every other platform, which is very convenient. You can also add file attachments to each login record.
RoboForm has a nice balance of enterprise features and strong bulk password management, but we had some support issues. The product has the second widest mobile OS support, including iOS, Android, BlackBerry, and Windows Phone. It supports Chrome, IE, Firefox and Opera browsers and has a status screen showing you which browser plug-ins have been installed.
The Enterprise version of RoboForm includes the ability to recover any of your user's master passwords, because they are stored encrypted on a network share. This is something most of its competitors currently lack. It also has the ability to bulk import AD users to help with the initial setup. RoboForm is mostly accessed via its browser plugin.
Like the other consumer-grade tools, DirectPass has no enterprise management features. It also had the fewest overall features and the most issues in its use, and we would recommend that you wait until its next release before seriously evaluating it. For example, of the six products tested, it was the only one that didn't include a password generator.
DirectPass synchronizes your vaults through its own cloud-based service, which is simple. Its vault can contain text files and also general Web form data. You can force the synch through buttons on the interface, or it should automatically do so when you bring up the software.