Zoho Vault - Beginners Guide

Password management software

Learn the ABCs of how to manage passwords

  • Introduction

    This guide is an attempt to help individuals and companies find answers to their questions about passwords and password management software. It explains why passwords remain the simplest and most reliable method of authentication, how to share, manage, and securely store them, and other security aspects of their use in business. There are four parts to this beginner's guide: an introduction to password management software, the different types of password managers, the relevant laws, and a quick overview of its application in various domains.

    The basics of password management software

    01 Introduction
       Why password-based authentication still rules?
       What is password hygiene?
       What makes a password strong?
       What is password management software?
       How does it work?
       Features

    02 Options
       Cloud-based
       On-premises
       Enterprise
       Open-source
       Password manager vs privileged identity/account manager

    03 Legality
       What are the current laws related to password management?

    05 About Zoho Vault

  • Why password-based authentication still rules?

    Passwords are one of the primary methods of authentication used globally to protect data and accounts from unauthorized access. For more than a decade, security experts have been trying hard to replace passwords with biometrics, digital certificates, and other methods, for various reasons. However, passwords remain one of the most reliable and commonly used methods of authentication because of their ease of use, affordability, and uncomplicated administration. With appropriate user education and awareness, password-based authentication provides highly effective and adequate protection compared with other methods.

  • What is password hygiene?

    Passwords are the first line of defense for your online accounts. Password hygiene is a set of best practices that individuals and companies should follow to protect their data and stay secure:

    •  Use a strong and unique password for each website
    •  Store passwords in an encrypted vault
    •  Identify weak passwords and replace them with stronger ones
    •  Never share passwords insecurely via email, spreadsheets, word of mouth, sticky notes, etc.
    •  Always change your passwords after a data breach

  • What makes a password strong?

    A strong password should be hard to guess and hard to break even with advanced brute-force techniques. We recommend that all your passwords meet the following criteria:

    •  Should be a minimum of 12 to 14 characters in length
    •  Should be a mix of numbers, special characters, and capital letters
    •  Should not be a dictionary word
    •  Should never be an easy-to-remember combination of words such as your name, your pet's name, or your date of birth
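
    The following hygiene audit is an added example, not part of this guide or of Zoho Vault's own code. It checks a constructed set of vault entries against the strength criteria above and the hygiene rules from the previous section (weak passwords, one password reused across sites); the small word list, the sample passwords, and the `personal_tokens` parameter are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed stand-in for a real word list (assumption: a production checker
# would load a full dictionary and a breached-password corpus instead).
DICTIONARY = {"password", "welcome", "letmein", "dragon", "qwerty", "summer"}
MIN_LENGTH = 12  # lower bound of the guide's "12 to 14 characters"


def weaknesses(password, personal_tokens=()):
    """Return the guide's strength criteria that `password` fails (empty list = strong).
    personal_tokens: strings such as a name, pet's name or date of birth that must
    not appear in the password (case-insensitive substring check)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    lowered = password.lower()
    # Strip digits and symbols so "Password123!" still counts as a dictionary word.
    if re.sub(r"[^a-z]", "", lowered) in DICTIONARY:
        problems.append("dictionary word")
    for token in personal_tokens:
        if token and token.lower() in lowered:
            problems.append("contains personal information (%s)" % token)
    return problems


def audit_vault(entries, personal_tokens=()):
    """entries: list of (site, password) pairs. Returns {site: [problems]} for every
    entry that is weak or whose password is reused on another site."""
    sites_by_password = defaultdict(list)
    for site, pw in entries:
        sites_by_password[pw].append(site)
    report = {}
    for site, pw in entries:
        problems = weaknesses(pw, personal_tokens)
        others = sorted(s for s in sites_by_password[pw] if s != site)
        if others:
            problems.append("reused on: " + ", ".join(others))
        if problems:  # strong, unique passwords produce no report entry
            report[site] = problems
    return report
```

Running `audit_vault([("mail", "Rover2015!x"), ("bank", "Summer2024!!"), ("crm", "Rover2015!x"), ("wiki", "gX7#pLq2$wVe9m")], ["Rover"])` on these constructed entries flags mail and crm (too short, contain the pet's name, reused on each other) and bank (dictionary word), and leaves wiki unreported.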

  • What is password management software?

    To facilitate and automate password management best practices, individuals and businesses need software that helps them securely store, share, and manage passwords. Such software also bolsters the overall security, privacy, and productivity of their day-to-day operations.

  • How it works

    •  All passwords are stored in a centralized encrypted repository and locked with a master password
    •  Access to passwords is controlled based on job roles and responsibilities
    •  Weak and reused passwords are randomized and changed periodically with the help of a password generator and an organization-wide password policy
    •  Users are empowered to share passwords securely with different levels of access permissions
    •  Administrators get a clear picture of who accessed which password and when, with round-the-clock audit trails
    •  Administrators can also forcibly reclaim enterprise passwords from employees who leave the company on bad terms

    All of this ensures complete security and privacy for the company's confidential data.

  • Some of the key features of password management software include:

    •  Encryption: the ability to encrypt passwords and other confidential data with industry-standard encryption such as AES-256.
    •  Secure data transfer: data is transferred only through secure communication channels via SSL/TLS.
    •  Password generator: a simple and powerful generator that helps users create a strong and unique password for each app, based on the internal password policy.
    •  Multi-platform support: users can access the service from any device, operating system, and browser without additional requirements.
    •  User management: administrators get a powerful dashboard for operations such as importing users, setting user roles and policies, and granting and terminating user access.
    •  Fine-grained sharing: users can share passwords with different levels of sharing permissions: view, modify, manage, or one-click access only.
    •  Quick login: users can log in to their everyday apps and websites in a single click.
    •  Browser extensions: browser add-ons perform the basic operations from the extension, without logging into the service every single time.
    •  Mobile apps: view, share, and manage passwords from anywhere.
    •  Integrations: works with identity providers and popular apps, and offers APIs for custom integration.
    •  File storage: store confidential documents in addition to passwords.
    •  Audit trails: comprehensive, round-the-clock audit trails of user access and activity.
    •  Compliance: adheres to current privacy laws and security standards such as the GDPR, ISO 27001, and SOC 2 Type 2, and offers the highest level of security and privacy for users' data.

  • Various password management software options

    Password management software can be used for both personal and business purposes, and is generally classified into six types based on deployment, licensing, and customer type, as listed below:

    Personal

    Designed for use by individuals, with basic features such as password storage, a strong password generator, password auto-fill, and expiration alerts, and offered at low prices. These generally lack administrative capabilities and comprehensive audit trails.

    Business

    These are built for businesses of different sizes and types. The primary requirements are a powerful admin dashboard, password policy enforcement, and user behavior monitoring. Additional requirements include multi-factor authentication, reports, IP restriction, alerts, and notifications.

    Cloud

    In this model, the software is delivered as a service (SaaS). It works well on all platforms with a standard internet connection. Many new-generation companies prefer this model, since it costs them little in infrastructure, setup, and maintenance. Licensing is based on the number of users and billed either monthly or annually.

    On-premises

    Here, the software is installed on the customer's own servers and maintained by the customer periodically. This option requires each user to install the software locally on their machine and access the service from their browser. Technically, this model works like a client-server setup. Licensing is offered annually or perpetually, along with additional maintenance costs.

    Enterprise

    Here, the software is feature-rich and can be customized to the organization's requirements. Enterprise-grade password management solutions can also be automated and tightly integrated with the applications the company already uses. Customers are charged separately for each service, including consultation, on-site implementation, and periodic maintenance.

    Open-source

    Here, the password manager's source code is publicly available and offered free of cost. Companies with a strong in-house development team and a tighter budget opt for this model.

    Password management vs privileged account management solutions

    Though the core functionality of both products centers on password vaulting and management, they cater to entirely different markets and user segments.

    Password Manager                                                  | Privileged Account Manager
    ------------------------------------------------------------------|----------------------------------------------------------------------------------------
    Used by everyone in an enterprise                                 | Used only by IT admins/privileged users
    Password vault                                                    | Privileged account discovery and password vaulting
    Secure password sharing                                           | Secure sharing of privileged IT administrative passwords
    Automatic reset of website passwords                              | Automatic reset of passwords of servers, databases, network devices, and other resources
    Control access to shared web accounts                             | Control access to IT resources and applications based on roles and job responsibilities
    Launch direct connection to websites and cloud apps               | Launch direct connection to remote IT resources, websites, and applications
    Comprehensive audit trails on who accessed which password and when | Video record and audit all privileged access
  • Password management vs single sign-on solutions

    Both solutions offer users the same convenience: the ability to log in to the product once with a single password and then log in everywhere else in a single click. Here are the key differences:

    Password Manager                                    | SSO Solution
    ----------------------------------------------------|------------------------------------------------
    Password-based authentication                       | Trust-based authentication (leverages SAML/LDAP)
    Works well with all websites and most applications  | Works only with enterprise-grade apps
  • Legality

    Apart from security and productivity features, companies should also consider legal and regulatory compliance during their software evaluation process. All of the laws listed below require companies to control access to critical data, which can be done with the help of a password manager.

  • What are the current laws related to password management?

    NIST

    The National Institute of Standards and Technology is a non-regulatory federal agency that promotes innovation and the competitiveness of US-based companies. Compliance with NIST standards and guidelines has become an absolute must for high-tech companies and federal agencies.

    Sarbanes-Oxley Act

    This act is focused on accounting and finance professionals and aims to prevent corporate scandals. The law carries a set of information security and password-management implications.

    PCI DSS

    Enterprises that accept credit card payments must adhere to the Payment Card Industry (PCI) Data Security Standard (DSS). Credit card giants such as American Express, Discover, JCB International, MasterCard, and Visa Inc have come up with their own set of security standards.

    HIPAA

    Companies handling sensitive personal and healthcare data must adhere to the Health Insurance Portability and Accountability Act.

    GDPR

    The General Data Protection Regulation is a comprehensive set of standards and guidelines published by the European Parliament to protect EU residents' personal data. Any company that works with the personal data of EU residents must adhere to the GDPR.

     

    Disclaimer: The above list represents only a partial list of regulations that mandate IT security and password management. We recommend that you consult your corporate auditor or legal representative for comprehensive guidance on your local laws.

  • About Zoho Vault

    Zoho Vault is an online password manager for teams. It helps teams securely store, share, and manage passwords from anywhere. Zoho Vault uses host-proof hosting (a zero-knowledge architecture) to provide the highest levels of data security and privacy. The software is available in three editions and two languages. Zoho Vault offers three licensing options (Standard, Professional, and Enterprise), priced per user, per month. For more information on Zoho Vault, please visit https://www.zoho.com/vault/pricing.html.
