The 6 best password managers for business

What’s a password manager?

A password manager is a program that stores passwords and logins for various sites and apps, and generates new strong passwords when a user needs to change an old one or create a new account. Users can sign into a password manager with a single strong password or by using biometrics, and access all their login information.

Most password managers allow users to sign in on multiple devices (including Macs, Windows machines, and iPhone or Android smartphones) and work with multiple browsers (including Chrome, Firefox, Safari and Microsoft Edgfe) to automatically fill in username and password info, storing encrypted password information and facilitating secure synchronization between devices. And while these tools got their start in the consumer world, most offerings now have editions aimed at businesses with enterprise features.

Is a password manager a good idea?

While it may seem counterintuitive at first to entrust security to a single password manager app accessed by a single password, using a password manager is in fact a very good idea. Most people have difficulty remembering more than one strong password, so they often end up either reusing a password across sites—meaning that a hacker who discovers the password can go on a break-in spree—or using weak passwords that are easy to defeat by brute force.

A password manager will autogenerate random new strong passwords for all of a user’s accounts, and users can access their various account credentials using either a single strong password, multifactor authentication or a passwordless security model.

Business password manager: 4 features to look for

A password manager isn’t just a boon for individual users; it can boost the security of enterprises as well, and there are a number of business-focused features that you should look for if you’re aiming to roll one out for your company:

Administrative capabilities for managing multiple users and applications. Some offerings include capabilities to automatically provision and de-provision user access to applications based on their group membership. Tools to manage password policies are a must-have and should include the ability to manage complexity rules and change requirements.

Interoperability with enterprise software and networking. You’ll want the ability to synchronize with LDAP or Active Directory, or the option to leverage authentication from cloud services like Office 365 or Google Workspace, to streamline deployment of the password manager to your users. This enables streamlined management, which isn’t so much of a convenience feature as it is enhancing security by automatically removing access when an employee leaves the company or changes job roles.

Advanced authentication capabilities. We’re talking about the ability to handle authentication using the Security Assertion Markup Language (SAML) standard, a step above simply filling login form fields, and dynamic authentication policies that evaluate variables surrounding an authentication attempt making sure users are using a registered device or are attempting to log in from an accepted geographic location, ultimately deciding if additional authentication measures should be applied or if the attempt should be denied. Some vendors even support capabilities like password management for VPN software, on-premises apps, or integration with RADIUS servers.

Audit logging, reports, and alerts are key capabilities for a password manager focused on business users, whether you’re monitoring app usage, auditing administrative actions, or simply looking to get a read on what passwords are weak, have been re-used, or are due to be changed. Most password management services can identify credentials that are known to be compromised or correlate to a service that is known to have been breached and haven’t been changed. Password managers are also sometimes used to provide access to an application to multiple users with the same set of credentials; normally, this prevents auditing processes within that application from identifying who performed an action, but a password manager can to track and report on which users accessed an application at a particular date and time. Alerts can help keep you in the know about known compromised accounts, when user accounts are locked, or potentially when anomalous behavior is detected.

Support for accessing passwords programmatically with scripts. Many features of password managers focus on end users and fixing bad habits, but often users are highly technical individuals with very different use cases. Both software developers and IT pros have use cases that require ultra-secure authentication such as SSH or API keys. Secrets management is a real concern in the DevOps world, as hard-coded credentials are almost as bad as those stored in plain text. The same is true for admins accessing resources secured by SSH keys, which are becoming more prevalent as businesses extend their footprint into the cloud. Command-line tools or the ability to access password vaults using an application programming interface (API) are common methods password management tools can offer to securely retrieve passwords from your vault, but secrets management could also involve native support for common tools like Kubernetes or Ansible.

What is the best password manager?

Which vendors offer password management for businesses and bring enough features to the table to warrant consideration? Here are the ones worth looking at.

1. 1Password
2. Bitwarden
3. Dashlane
4. Keeper
5. LastPass
6. Securden

1Password

1Password is one of the more established names in the password manager arena, and in addition to their personal password management services they also offer solutions for teams, business, and enterprise. The 1Password business tier starts at $7.99 a month per user, and offers an administrative console, policy-based security, and centralized reporting. Key features for the enterprise plan include proactive analytics for threat reporting and even Splunk integration. Enterprise users also gain integration with existing identity and access management (IAM) providers like Okta, Azure AD, and OneLogin for automated provisioning. Using IAM credentials to unlock your 1Password vault is currently supported for both business and enterprise users for Okta, with support for Azure and Duo coming soon. Enterprise customers also have options in regard to data residency, and also gain several industry standards for data protection and encryption.

Developers and admins will gain significant value from 1Password’s Secrets Automation. Common values such as API tokens, credentials, private certificates, and SSH keys can all be protected and accessed conveniently within existing workflows. Secrets can be efficiently integrated into workloads leveraging Ansible, HashiCorp Terraform, Kubernetes, and even projects using Go, Node.js, and Python. These secrets also receive all the benefits you gain from 1Password: logging and auditing, granular access control, and automatic change synchronization between different users.

Bitwarden

Bitwarden is developed on the premise that there is inherent strength in open-source software. Each component of Bitwarden’s service is available on GitHub for public review. Bitwarden also allows customers to self-host rather than forcing the use of their cloud service. Bitwarden offers two pricing tiers for business use: Teams ($3/month/user) and Enterprise ($5/month/user). Teams customers have access to password vaulting and secure sharing, as well as MFA capabilities with Yubikey, FIDO2, Duo, Email, and Bitwarden Authenticator. Teams users also have access to Bitwarden APIs and the Command-Line Interface (CLI). Bitwarden’s directory connector is also available for Teams users.

Bitwarden Enterprise facilitates SCIM-based provisioning and custom roles, security policies, and SSO integration. Users of Bitwarden Enterprise also gain access to Families plans for users to manage their personal credentials. Secrets Management is an area where Bitwarden is just starting to fully support as their Secrets Management offering is in open beta with pricing to be announced later.

Dashlane

Dashlane is another popular password manager choice for personal use that successfully bridges the gap to the business world. Like 1Password, Dashlane offers both a teams and business tier, for $5 or $8 monthly per user, respectively. All users have secure sharing capabilities, audit logs, and monitoring for credential exposure on the dark web. As a bonus teams or business users can use Dashlane’s VPN for extra protection while using public Wi-Fi. Dashlane business users receive free access to Dashlane’s friends and family plan for personal use, which includes support for up to 10 family members.

Aside from a suite of administrative management tools and reporting capabilities, Dashlane also supports both provisioning and de-provisioning of apps (including remote removal of company credentials). Dashlane also offers SAML-based single sign-on (SSO) for users of their business tier, directory integration, and policy-based management. Dashlane business users have access to monitoring features for employees across their organization, even those that don’t have Dashlane accounts.

Keeper 

Keeper Security brings several relevant tools to the business password manager space. Keeper’s pure business password manager comes in three service levels: business starter, business, and enterprise ($24 and $45 per user annually for the two business tiers, with enterprise pricing requiring a quote from the Keeper sales team). Not only does Keeper boast the most popular mobile apps of any password manager by a wide margin but their service tiers and add-ons compare well with any other password management suite in this space. Business starter customers have full policy enforcement, team management, basic two-factor authentication, and free family plans for every user. The full business tier adds delegated administration (meaning full administrators can offload some of their duties to sub-administrators or supervisors), advanced organizational structure capabilities, and administrative control over sharing. Enterprise customers get all the advanced features: advanced two-factor authentication with Duo and RSA, SSO with SAML integration, automated team management, integration with Active Directory and LDAP, SCIM provisioning, and much more.

In addition to standard password management tools Keeper offers Secrets Manager, which focuses on the needs of IT and DevOps team members. Secrets Manager leverages RBAC (role-based access control) to protect secrets of all sorts while simultaneously making workflows more efficient. Keeper offers integrations with existing infrastructure and CI/CD pipelines (Ansible, Docker, Github Actions, GitLab, Jenkins, PowerShell, Azure DevOps, and Terraform). Password rotation is also made easy using Secrets Manager and Keeper Commander, which allow to automate periodic password changes on AWS, Active Directory, Azure, SSH, Unix, Windows, and a variety of database platforms.

For enterprise users looking to cover all their bases in one package Keeper offers KeeperPAM (privileged access management), which incorporates the Keeper enterprise password manager, Secrets Manager, and Keeper Connection Manager (which offers secure, monitored connectivity through a variety of protocols – RDP, SSH, VNC, SQL).

LastPass

LastPass has long been one of the most well-known password managers on the market. While they’ve certainly been the target of deserved negative press recently, LastPass remains a popular choice for many. LastPass offers their teams tier for $4 monthly per user for up to 50 users, or their business tier for $6 monthly per user. Teams users get access to a limited set of security policies, passwordless capabilities using LastPass Authenticator, dark web monitoring, and standard two-factor options. Business customers gain access to over 100 security policies, advanced reporting, and directory integration and federation from a wide range of on-premises and cloud-based identity sources. Business users also have access to LastPass APIs and integration with SIEM platforms. One major limitation of the business tier is that SSO capabilities are limited to three cloud apps. The Advanced SSO add-on runs an additional $2 monthly per user but enables SSO to unlimited applications. LastPass also offers advanced MFA for $3 monthly per user, which enables adaptive MFA policies including adaptive passwordless capabilities.

Securden

It may not have the name recognition as some of the other solutions on this list, but Securden brings a robust set of features that compares well with any other vendor on this list. To begin with Securden offers their starter tier for free for up to 5 users, bringing MFA, user roles, and secure sharing. Users of the teams tier adds AD integration for provisioning and authentication, as well as SSH key management. Securden’s enterprise service level brings several key features including SAML-based SSO, RBAC, SIEM integration, and password policies. Securden also has an enterprise PAM solution that further enhances their password management capabilities. It can manage accounts that are part of the enterprise infrastructure including server or database accounts, or those in Active Directory or on network devices. Securden’s PAM capabilities facilitate privileged account discovery and management, automated password rotation, and can enable approval workflows.