
Passwords Under Lock and Key: Essential Features for Your Password Manager



Remembering all those complex logins for all those services we all now use can feel like a mental marathon. Luckily, password managers act as secure vaults for all those digital keys. But with countless options available, choosing the right one can be overwhelming. We want everyone to use Secret Chest. Actually, that's not right. We want everyone who should to use Secret Chest. For those who need things we don't do, we'd rather they use something else that best matches their requirements. There's a reason multiple tools exist in an ecosystem like secrets management - and if someone isn't a good fit, we end up being a pain for them, and they can be a drain on our resources.


The core of any good password manager is its rock-solid security. Here's what to look for:


  • Military-grade encryption: AES-256, the gold standard, ensures your stored passwords are scrambled beyond recognition, even if the vault data is stolen.

  • Zero-knowledge architecture: The company shouldn't have access to your master password or stored data, putting you in control.

  • Multi-factor authentication (MFA): An extra layer of security, requiring a second verification step like a fingerprint or a one-time code.

  • Regular security audits: Look for a manager that undergoes independent security assessments to identify and patch vulnerabilities.


Security is paramount, but a good password manager should also be a breeze to use:


  • Seamless password autofill: Automatic login on websites and apps saves you time and prevents typos. Luckily, anyone using the Apple auto-fill plugin just kinda' gets this part for free, so that's just table stakes at this point.

  • Strong password generator: No more scrambling for secure passwords! Generate random, complex ones with ease. This was surprisingly the easiest part of our code to write. What wasn't easy was how to shard those generated passwords, how to distribute shards with or without Wi-Fi, how to calculate entropy, how to build a pretty display for generated passwords, or how to build a policy engine to proactively and reactively validate password objects. But who's keeping track (obviously, we are).

  • Cross-platform accessibility: Access your passwords across all your devices, whether desktop, mobile, or browser. We don't do this. We're currently an Apple product, so if this is something required, we're not the tool to use. No offense to other platforms, we'd just like to perfect our product for Apple before we consider Android, Windows, etc.

  • Password sharing (securely): Share logins with trusted individuals with granular control over permissions. We offer standard sharing and multi-peer sharing.

  • Breach alerts: Get notified if any of your saved passwords appear in data breaches, prompting immediate action. We use https://haveibeenpwned.com for this.

  • Emergency access: Grant a trusted contact access to your passwords in case of an emergency (or an issue that means that's required permanently).

  • Secure notes and document storage: Expand your vault beyond passwords to safely store sensitive documents and notes.

  • Specific tooling: Some password managers have options for certificate lifecycle management (1Password does a great job at this), SSH agents, Git integration, and more. A lot of these are things people in IT need. The reason for that is that people in IT are often the buyers of their tools, not the people that the people in IT support. So the needs of IT professionals make an outsized impact on roadmaps, because that's who shows up to a Customer Advisory Board, or CAB. Ultimately it's about productivity.

  • Policy-based management: This includes things like forcing a password to unlock vaults - sometimes in ways that can be pushed out from a central console like a Windows Active Directory domain or an MDM tool for Apple devices. We go a step beyond using a third party tool and actually build that into our product.

  • Integration with identity products: This is a company thing. But we support any OAuth IdP as well as a SCIM bridge we host for customers (although we welcome customers taking that bandwidth themselves by bringing their own SCIM bridges!).

  • Telemetry: Stream login or password unlock events to a SIEM. Another company feature. We are happy to turn the firehose on and send you every webhook imaginable. Be careful what you ask for!

  • Browser extensions: We currently work with Safari and the core operating system. We'll build a Chrome extension if people ask us to - but haven't done so yet because no one has. If that's an immediate requirement, consider the built-in tool in Chrome (or Chrome Enterprise), as it's kinda' awesome. Another reason we haven't built one...
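
How a breach-alert check can consult haveibeenpwned without disclosing the password, as an added example that is not Secret Chest's code. It assumes the Pwned Passwords range (k-anonymity) lookup, where only the first five hex characters of the SHA-1 hash are sent; `constructed_fetch`, its rows and its counts are a constructed offline stand-in for the HTTP request.

```python
import hashlib

# A real client would GET https://api.pwnedpasswords.com/range/<prefix>
# and pass the response body to parse_range_body(). Assumed here, not run.

def sha1_parts(password):
    """Return (prefix, suffix): 5 hex chars that are sent, 35 that stay on the device."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_body(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; malformed lines are skipped."""
    counts = {}
    for raw in body.splitlines():
        suffix, sep, count = raw.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Times the password appears in breach data; 0 if absent or only a padding row."""
    prefix, suffix = sha1_parts(password)
    # The comparison happens locally: the service never sees the suffix.
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)

def constructed_fetch(prefix):
    """Offline stand-in for the HTTP call. All rows and counts are constructed."""
    rows = ["0" * 35 + ":0",   # padding-style row: a count of 0 is not a breach hit
            "F" * 35 + ":12",  # unrelated suffix that shares the same prefix bucket
            "truncated-row"]   # malformed line the parser must ignore
    known_prefix, known_suffix = sha1_parts("password")
    if prefix == known_prefix:
        rows.append(known_suffix + ":1000")
    return "\r\n".join(rows)

if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        hits = breach_count(candidate, constructed_fetch)
        print(sha1_parts(candidate)[0], "breached" if hits else "not found", hits)
```
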


With so many features, choosing the right manager can feel daunting. Consider your needs and prioritize features that matter most to you. Do you value simplicity or comprehensive security? Do you need cross-platform access or browser extensions? Need higher levels of security and encryption? Need to pipeline devops workflows? It all matters. And sometimes the smallest miss will piss off entire groups at a company.


So identify priorities, research and compare different managers, read reviews, watch demos, and take advantage of free trials to find the one that feels tailor-made for any given organization. And remember that a good password manager is an investment in digital security AND productivity. The productivity thing is missed a lot. They are supposed to make us work faster. Choosing one that's both secure and convenient should help shed the burden of remembering countless passwords and unlock a world of worry-free online interactions. Especially when paired with a great IdP at companies! Hopefully this helps to find the password manager that's a perfect fit! If not, hit us up in our online chat (the button's at the bottom right of the screen). We'll be happy to point you in the right direction if we're not the best fit!
