Should you take your password manager off the internet?
How keeping data offline in a closed loop on a self-service model can help shore up all your apps and services
In an ideal world, all your online applications and services would be secured with one unbreakable password that you would never forget. Unfortunately, this is nigh on impossible - which is one reason why password managers such as Passwork have become so popular.
A password manager allows users to generate and store passwords in easily accessible ways, such as on their devices or via a cloud application. At its most basic, a password manager can be used to create unique logins that are harder for would-be attackers to crack. And because they are stored in accessible systems, they’re also more convenient, sparing users from having to remember passwords they create themselves.
The average person has anywhere between 30 and 100 passwords for all the services they access online, many of which are for work. But as creatures of convenience, we often reuse passwords or create ones that are weak and easily compromised. What’s more, even if you create unique passwords for all your applications, it's highly unlikely you’d manage to be able to pull every single one of them out of your brain at any given moment. Both the creation and retrieval of a password can be essentially automated with a password manager.
However, there are three different types of password managers. On-device managers allow users to store details on a single machine, such as a laptop or smartphone. Cloud-based password managers store on a remote server so the information can be accessed via the internet and ‘self-hosted’ password managers allow users to store data on their own servers.
If you’re not sure which is right for you, we’ve looked at cloud and self-hosted password managers, and explored the reasons a business might benefit from the latter.
Cloud vs self-hosted password managers
Password managers allow businesses to sync their passwords across multiple devices that are typically managed centrally by a designated administrator. This also means the organisation can monitor, change and save all passwords used across the company, and that the administrator can also recover passwords, add and remove people from shared password groups, as well as assess the quality of passwords being used throughout the organisation.
There are two ways businesses can run password managers, either via a third party (cloud) orhosting it themselves on their own server. A self-hosted password manager limits the transition of data as passwords are only transferred around the organisation. Nothing is being sent to or from an off-location server. So, effectively the data can be cut off from the internet in a closed loop, and the businesses can reduce the risk to one password – the one you need to access the password manager itself.
To run a self-hosted password manager, a business will need an existing network and infrastructure, or the capacity to purchase it, as well as dedicated members of staff with the technical knowledge and resources to maintain it. This will come with the benefit of having greater control over the data the business holds and tighter security. Plus, it isn’t necessarily dependent on an internet connection, like a cloud-based password manager.
Hybrid working models present one of the best use cases for a cloud-based password manager, as a distributed workforce is able to access their data from anywhere at any time. There is also an argument for those that work in the field, who may have to visit clients and need access to various online applications. And, for IT teams, a cloud-based system can allow them to access multiple services on every laptop within their company, wherever it resides.
However, this constant availability presents ample opportunities for phishing and other types of cyberattack that can compromise passwords and sensitive company data. Self-hosted password managers can allow the same level of remote access as cloud-based services at the business’s discretion, with the additional option of taking things offline if greater security is required.
The case for self-hosted password managers
When it comes to security, self-hosted password managers are a great option for businesses that have extreme privacy or compliance concerns, such as healthcare or financial organisations, or even governments where mass volumes of mission-critical or public data is processed.
Unlike most password managers, Passwork provides a self-hosted service that allows organisations to take full responsibility for their data and completely take it offline, for that extra bit of security. As a service solely aimed at businesses, Passwork is a class apart with its focus on user management, organisation and integration.
The platform also comes with a range of features to help teams collaborate. For instance, it has a search bar where colleagues can find and invite each other to use certain integrated services, or co-workers can also be tagged and brought into other vaults and folders - with all passwords stored in a structured way.
Passwords represent one of our most important, but vulnerable security assets. Services like Passwork that can take password management offline offer businesses an enhanced level of protection and control that is essential for keeping them secure.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!