Should you take your password manager off the internet?


In an ideal world, all your online applications and services would be secured with one unbreakable password that you would never forget. Unfortunately, this is nigh on impossible and it’s why password managers, such as Passwork, have become so popular.

A password manager is a type of software that allows users to generate and store passwords in easily accessible ways, such as on their devices or via a cloud application. At its most basic, a password manager can be used to create unique passwords that are harder for would-be attackers to crack. And because the passwords are stored in accessible systems, they’re more convenient for users when logging on to their online services, sparing users from having to remember ones they create themselves.

The average person has anywhere between 30 and 100 passwords for all the services they access online and it's likely that many of those are for work. And as creatures of convenience, we often reuse passwords or create ones that are weak and easily compromised. What’s more, even if you managed to create unique passwords for all your applications, it's highly unlikely you’d be able to pull every single one of them out of your brain at any given moment. Both the creation and retrieval of a password can be essentially automated with a password manager.

There are three different types of password managers. ‘On-device managers’ allow users to store data on a single machine, such as a laptop or smartphone. Cloud-based password managers store data on a remote server so that it can be accessed via an internet connection, and ‘self-hosted’ password managers work similarly while allowing users to store it on their own servers.

Here we look at cloud and self-hosted versions of password managers and explore the reasons a business might benefit from the latter.

Cloud vs self-hosted password managers

Password managers allow businesses to sync their passwords across multiple devices and they are usually managed centrally by a designated administrator. This also means that the organisation can monitor, change and save all passwords used across the company. The administrator can also recover passwords, add and remove people from shared password groups, as well as assess the quality of passwords being used throughout the organisation.

There are two ways businesses can run password managers: via a third party (cloud), or by hosting it themselves on their own server. A self-hosted password manager limits the transit of data, as passwords are only transferred around the organisation. Nothing is sent to or from an off-location server. So, effectively, the data can be cut off from the internet in a closed loop, and the business can reduce the risk to one password: the one you need to access the password manager itself.

To run a self-hosted password manager, a business will need an existing network and infrastructure, or the capacity to purchase it, as well as dedicated members of staff with the technical knowledge and resources to maintain it. This will come with the benefit of having greater control over the data the business holds and tighter security. Plus, it isn’t necessarily dependent on an internet connection, like a cloud-based password manager is.

Hybrid work models perhaps present one of the best use cases for a cloud-based password manager, as a distributed workforce can access their data from anywhere at any time. There is also an argument for those that work in the field, who may have to visit clients and need access to various online applications. And, for IT teams, a cloud-based system can allow them to access multiple services on every laptop within their company, wherever it resides.

However, this constant availability presents opportunities for phishing and other types of hacks that can compromise passwords and other more sensitive company data. Self-hosted password managers can allow the same level of remote access as cloud-based services at the business’s discretion, with the additional option of taking things offline if greater security is required.

The case for self-hosted password managers

When it comes to security, self-hosted password managers are a great option for businesses that have extreme privacy or compliance concerns, such as healthcare or financial organisations, or even governments where mass volumes of mission-critical or public data are processed.


Unlike most password managers, Passwork provides a self-hosted service that allows organisations to take full responsibility for their data and completely take it offline, for that extra bit of security. As a service solely aimed at businesses, Passwork is a class apart with its focus on user management, organisation and integration.

The platform also comes with a range of features to help teams collaborate. For instance, it has a search bar where colleagues can find and invite each other to use certain integrated services, and co-workers can be tagged and brought into other vaults and folders. All passwords are stored in a structured way.

Passwords represent one of our most important, but vulnerable security assets. Services like Passwork that can take password management offline offer businesses an enhanced level of protection and control that is essential for keeping them secure.


ITPro
