Passwords are a security weak link, but these products help shield passwords from attackers
For enterprises trying to get a handle on password management, the good news is that there are products that can help implement stronger password policies for end users logging into corporate and personal Web-based services, as well as for employees who share a local server login.
The goal here is to make the password process more secure, and also to let users login to particular resources without having to remember all of their individual passwords.
We looked at six products, ranging from consumer-oriented to enterprise-only. They are: Kaspersky Pure, LastPass Enterprise, Lieberman Enterprise Random Password Manager, 1Password, RoboForm Enterprise, and TrendMicro DirectPass. (Watch the slideshow comparing the products.)
All of these products use a master password vault to store all their information in encrypted form. And all but TrendMicro have a way to generate a complex password and insert it into the login process so users don’t have to try to come up with something on their own. This makes life easier for end users and also eliminates the security problems associated with users picking one password for all their logins.
To be included in this review, each product had to have the ability to synchronize passwords across a different collection of clients and servers. For Lieberman, this means synchronizing the logins to internal servers across multiple users who want to share the same password. For the other products, it means having the same user with multiple devices keep track of passwords for Web services.
Because we included such a variety of tools, we can’t directly compare the products and didn’t score the software programs or declare an overall winner. But here are the highlights:
Click to see: Pricing chart
LastPass Enterprise offers excellent price/performance and boasts strong management features. LastPass also has the widest desktop and mobile platform support of any of the products we tested.
Lieberman has the best features for local server password management, and the Lieberman tool was the only one in our tests that worked flawlessly.
Kaspersky’s Pure offers a basic password manager as part of a larger suite that includes other security tools. The downside is that it is Windows only, which means you can’t sync your vault with non-Windows devices.
1Password is a consumer-focused product that allows you to store more than just passwords in your vault.
RoboForm has a nice balance of enterprise features and strong bulk password management, but we had some support issues.
TrendMicro’s software is the least developed, although the next version is expected to fix many deficiencies.
Here are the individual reviews:
Kaspersky Pure
Like other traditional anti-virus vendors, Kaspersky is getting into the password management game. Kaspersky has two products for password management. One is its Password Manager stand-alone software that sells for $25. This doesn’t include the ability to synchronize your password vault (although the vendor promises to include it later this fall).
We decided to review Pure, which is Kaspersky’s security suite. Pure includes a variety of tools, including anti-spam, backup, parental controls, data encryption, advanced browser protection and password manager. This latter module does synchronize passwords using the cloud-based accounts maintained on Kaspersky’s website.
The Pure password manager covers the basics well, with a complex password generator and options to close the vault automatically after the PC has been idle. You can also store text notes and contact information in the vault.
Pure also has modules that improve browser security, and this is probably more of a reason to purchase it than just for password protection and management. For example, the SafeMoney module sets up protected browser sessions for online banking and ecommerce sites, and another module can securely erase your browser history or analyze your Internet Explorer settings.
Pure will run on Windows 8 in addition to earlier versions back to Vista. The password manager module is only for 32-bit PCs, however. On the other hand, there is a long list of supported browsers, some of which we have never even heard of. Given its Windows-focus, this means that the synchronization feature is of limited value since you can’t transport your vault to your smartphone or move between Macs and Windows PCs. Pure is priced at $65 for licensing on up to three PCs.
LastPass Enterprise
LastPass is an enterprise-grade product that comes with a separate management console. This software is Web-based, which is also a nice touch. It comes with the widest collection of clients supported, ranging from Windows (including both 32-bit and 64-bit and from XP to Windows 8) to various smartphones. There is also a Web client where you can view your password vault contents. It also combines the best features of a consumer product with a solid enterprise flavor.
The best enterprise security products have flexible policy creation and administration tools, and this is the case here. For example, you can set up a policy to override the default auto logoff protections for PC shutdown, or when in screensaver mode, or when idle, or when the computer is locked. There are dozens more policies to choose from, including support for multifactor tokens such as Yubikey, its own “Sesame” tool, and Google Authentication one-time passwords. You can also strengthen your online access to your vault by restricting access to specific countries, and excluding any access from anyone using the Tor file-sharing network.
You can also federate your LastPass logins across other cloud services such as WordPress, Salesforce.com, Box and others using SAML. There is a long list of potential notifications that can be setup, including users who have a certain number of duplicate or blank passwords. These come with pre-written warning messages that can be easily customized for your circumstances. The tool also has a few simple reports available from the admin console. There is API access to its reporting engine, which is a nice touch.
Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com