Is Apple taking a bite out of the password management market?

The word password with passwords behind it
(Image credit: Future)

Apple’s recent announcement of its standalone password manager at WWDC 2024 is a call to action for every Apple user to upgrade their password practices and prioritize the creation and secure storage of the credentials that protect their most sensitive assets. If the regular headlines of account takeover attacks leading to data breaches and serious financial impacts for organizations aren’t enough, Apple’s announcement further validates how vital effective password management is in safeguarding accounts and sensitive data from dangerous cybercriminals. From individuals to multinational corporations, a secure password manager serves as a critical frontline defense against prevalent cyber threats that pose significant risks to organizations in the UK and around the world.

As Small and Medium-Sized Businesses (SMBs) are increasingly targeted by opportunistic cybercriminals, maintaining strong cybersecurity practices is paramount. However, while Apple's new password manager will undoubtedly bolster security for consumer users seeking a base-level solution, and surpasses previous functionalities offered by iCloud Keychain, it lacks the features, cross-platform functionality – and perhaps most importantly – the robust enterprise-grade protection provided by leading password managers currently on the market.

Keeper Security’s 2024 Future of Defense report highlights that 95% of IT leaders believe cyber attacks are becoming increasingly sophisticated, with password-related attacks emerging as one of the top five fastest-growing threat vectors. This underscores the pressing need for comprehensive password management solutions, particularly for SMBs. A device manufacturer’s default solution simply does not encompass the essential advantages of purpose-built business solutions, including:

Craig Lurey

CTO and Co-founder of Keeper Security.

Enhanced security:

Advanced password managers leverage robust encryption models to securely store, protect and share passwords, passkeys and other sensitive data across all applications and online services. Top-tier password managers often hold security designations like SOC2 attestation and an ISO27001 certification, proving their adherence to the highest security standards in the industry. A free consumer product without these certifications is lacking the robust security necessary to mitigate the risks of cyber attacks against organizations in the increasingly dangerous threat landscape.

Increased productivity:

By streamlining credential and file management, enterprise-grade password management solutions significantly reduce helpdesk costs associated with password resets and access issues – for businesses of all sizes. Employees can focus on their core tasks without being bogged down by frequent password-related issues.

Secure file sharing:

A robust enterprise password management solution facilitates secure file sharing among team members. With encrypted storage, granular permission controls and secure file transfer protocols, organizations can ensure that only authorized personnel access sensitive documents. Features like audit trails provide visibility into file access and changes, enhancing accountability and compliance. This secure approach allows for seamless collaboration without compromising data integrity.

Cross-platform accessibility:

Users can access their password vaults through a web application, desktop app, browser extension or mobile app. Importantly, a dedicated business solution functions across all devices, browsers and operating systems to meet the needs of a modern, distributed workforce. This is a key benefit absent in password management systems tied to a specific operating system or device, allowing for seamless integration into diverse IT environments.

Administrative oversight:

Administrators have the capability to monitor password and secrets usage, seamlessly integrate with their current identity stack and enforce role-based policies for platform access. Centralized control guarantees consistent adherence to security protocols throughout the organization and enables admins to enforce password policies, such as password length or the use of MFA, which provide a critical frontline defense against cyber attacks.

Dark web monitoring:

Organizations must identify breached passwords via dark web monitoring, in real time, to safeguard their networks and systems against prevalent cyber threats such as password stuffing and spraying attacks. Prompt detection and rotation of these passwords enable businesses to proactively prevent potential security breaches.

Integration with single sign-on (SSO):

Integrating with SSO products such as Entra ID, Okta, Ping and Duo is critical for SMBs. While SSO solutions help with authorization and convenience, they aren’t a standalone cybersecurity solution and leave dangerous security gaps that cybercriminals can exploit. Hundreds of thousands of cloud and native applications do not support SSO, but integrating SSO with a business password manager covers all login scenarios to ensure that every account is protected with the highest level of security.

Advanced capabilities for growing organizations:

Medium to large SMBs with complex IT infrastructures gain significant advantages from advanced capabilities such as infrastructure secrets management, automated password rotation, integration with third-party CI/CD systems and secure remote access to machines. These functionalities promote scalability and establish robust security measures crucial for business expansion.

Conclusion

While Apple’s new standalone password manager marks a positive step forward, SMBs need more comprehensive solutions to address their unique challenges and security requirements beyond what Apple Password Manager provides. A robust password management solution not only strengthens security but also boosts productivity, ensures cross-platform accessibility and provides advanced administrative and integration features. In today's dynamic cybersecurity landscape, where cybercriminals are increasingly targeting smaller entities with sophisticated attacks, investing in a dependable, manufacturer-agnostic password manager is a critical element for any SMB's cybersecurity strategy.

We've featured the best password generator.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

TOPICS

Craig Lurey is CTO at Keeper Security