Password management tools will greatly reduce the amount of time that your IT support staff has to spend assisting users. Password management systems need to be able to enforce company policies over password strength and rotation. The system also needs to be able to inform users of suitable password formats, generate suggested passwords, autofill password fields, and, if possible, provide multi-factor authentication.
Here is our list of the best network password managers:
- ManageEngine Password Manager Pro EDITOR’S CHOICE A centralized password management solution for large teams that includes confidential distribution. Runs on Windows Server, Linux, AWS, and Azure. Start 30-day free trial.
- N-able Passportal A password manager and document manager aimed at managed service providers.
- ITBoost An online password manager for MSPs with a companion document management system.
- IT Glue A cloud-based password management system and document manager with other system management tools included.
- Hypervault This password manager is suitable for IT departments or MSPs. Delivered from the cloud.
- Dashlane Business A cloud-passed password manager with apps for Windows, macOS, iOS, and Android.
- Passbolt A choice of on-premises or cloud-based versions of this password manager that integrates with AD and LDAP.
- LastPass Teams An online password manager that includes a cloud-based password vault.
As data protection standards become more important, businesses need to be able to demonstrate compliance. The implementation of those standards is often necessary in order to win clients and following tight access security will also protect the company from litigation against data loss.
Password managers automate a lot of the tasks that your IT support team has to perform in order to keep the network, equipment, data, and applications accessible to the right people. A comprehensive password manager includes a self-service portal, reduces the stress that can cause users to mistype their passwords, and also enables them to reset their passwords should they forget them.
Properly managed password systems will reduce the risk to your company’s data and lower the cost of supporting users.
The best network password managers
There are a lot of password management systems on the market and if it is your job to buy in new software for your company, you will spend a lot of time researching the market and investigating each option.
Our methodology for selecting a corporate password manager
We reviewed the market for password management solutions and analyzed tools based on the following criteria:
- A centralized coordinator that can manage passwords for many applications and networks
- The ability to run a single sign-on environment
- Self-service password reset portal for end users
- Secure password lockers
- Automatic password filling
- A free trial or demo system for a cost-free assessment period
- Good value for money represented by a fair price for competent tools
With these selection criteria in mind, we identified a pool of excellent password management services that are suitable for use by businesses in-house or by MSPs for client management.
In this report, you will read about the best password managers for companies and their networks. The shortlist we present will reduce the time you need to spend in your research by highlighting the best password manager available today.
You can read more about each of these options in the following sections.
1. ManageEngine Password Manager Pro (FREE TRIAL)
ManageEngine Password Manager Pro is a self-hosted package, but you can choose to install it in your account on a cloud platform. The system is a centralized service that enables you to store sensitive documents securely inside the encrypted vault as well as access credentials for all of the applications that your company uses.
Key Features
- A Centralized Secure Vault: Protected by encryption
- Connection Protection: Uses SSH and HTTPS
- Active Directory and LDAP Integration: Identifies users and user groups
- Bulk Password Management Option: Enforced password rotation
- MSP Versions: Multi-tenant architecture
Why do we recommend it?
ManageEngine Password Manager Pro is a security policy enforcement system that focuses on password security – particularly that of privileged accounts. The tool is able to discover credentials stored locally, remove them, and secure them. The system creates a central password vault and distributes them without disclosure.
ManageEngine offers Password Manager Pro in a range of editions that make it attractive to businesses of all sizes. The top plan can handle very high volumes of demand for credentials on a multi-national scale.
The main purpose of this system is to ensure that the business keeps control over passwords, ensuring that disgruntled or leaving employees can disclose or abuse system access credentials. Employees never get to see the passwords that get them into the applications that they use.
The system is able to scan other applications, operating systems, and network devices to gather all locally-stored passwords in its own vault. This discovery service extends to Windows, Linux, and VMWare. The Password Manager Pro system can interact with other operating systems, such as macOS, but passwords have to be transferred manually in those cases.
Who is it recommended for?
This package is necessary for password management for technician teams. IT support staff need to get access to most of the elements of your IT system and that creates a security loophole. Storing passwords securely and making them available when needed without the user seeing them removes the risk of data theft or system sabotage.
Pros:
- Security Monitoring for the Vault: Only allows access through secure connections to authorized users
- Strong Encryption Protection: Uses 256-bit AES
- Password Confidentiality: End users don’t get to see the passwords and they are automatically distributed to application login screens
- Password Policy Enforcement: Implement generated complex passwords and periodic password rotation
- International Scope Possible: Can operate for WANs
Cons:
- Not a SaaS Package: Runs on Windows Server, AWS, or Azure
Password Manager Pro is available in four plan levels. There is a Free edition that is limited to serving ten devices. All of the paid editions are available in a multi-tenanted architecture for managed service providers. The software for the ManageEngine system installs on Windows Server, Linux, AWS, and Azure. You can get a 30-day free trial of Password Manager Pro.
EDITOR'S CHOICE
Password Manager Pro is our #1 choice! The secure vault is protected with AES-256 encryption, which is the standard used by banks and the US military – it is uncrackable. Transfers are also connected by encryption. Browser extensions interact with the system through plug-ins and the service can also extend to mobile devices running iOS or Android.
Download: Start a 30-day FREE Trial
Official Site: www.manageengine.com/products/passwordmanagerpro/
OS: Windows, Linux & Web-based
2. Passportal
N-able Passportal is a cloud-based service that includes a password manager and a secure document manager. This might seem to be an unusual combination of services. However, both strands of this package require secure storage so there are quite a number of points of commonality between them.
Key Features
- Designed for MSPs: Used for access to client systems with privileged access accounts
- Active Directory and LDAP: Coordinates with the access rights managers on client sites
- Credentials Discovery: Scans a client site for applications that require credentials for access
- Enforces Password Policies: Complex passwords and password rotation
Why do we recommend it?
N-able Passportal is a cloud-based password vault that can distribute passwords to authorized users without that person getting to see them. The vault can also be used to store important documents, such as contracts. The document manager can also be used to create user guides and troubleshooting scripts for technicians.
This bundle of services is offered to managed service providers (MSPs), but it can just as easily work for IT departments. The concept of offering the service to MSPs is that those businesses can then sell managed account services to client companies. The services are charged for by subscription.
The password manager can act as a front end for a list of business access rights management systems, including Active Directory, Office 365, Azure servers, and LDAP implementations.
The ability of Passportal to interface with access rights systems enables system administrators to centralize all password-related tasks in one interface. Changes made in Passportal get automatically rolled out to the access rights systems that protect the network, devices, servers, and applications used by the company. An extra utility that can be added to Passportal is called Passportal Blink. This is a self-service feature that allows users to change their own passwords. This utility greatly reduces the number of calls that the Help Desk has to field.
Also included in Passportal is an autodiscovery feature that identifies password-protected applications that need to be included in the password manager. The tool can enforce password rotation and it includes a password generator to create complicated, unbreakable passwords. Those passwords are stored in an encrypted password vault and the applications that users try to access can be set to autofill those unmemorable passwords. An audit trail tracks access to the password manager and all access to protected applications are logged.
Who is it recommended for?
The N-able brand provides tools for managed service providers and that type of business really needs to keep tight controls of passwords because it is dealing with access to the systems of other companies, not just its own. An add-on service creates a self0-service portal to let end users reset their passwords.
Pros:
- Supports Automatic Active Directory Sync via LDAP: Enables coordination between the MSP password vault and client site ARMs
- Easily Revoke a Technician’s Access: Needed for leavers
- Compliance Reporting: Identifies weak passwords and implements password policy
- Users Generate Their Own Encryption Keys: Secures their cloud data from third parties, including Passportal and MSP technicians
Cons:
- No Price List: You have to request a quote
You can request a demo by filling out your details on their website.
Further Reading: Passportal Product Suite – Full Review
3. ITBoost
ITBoost is also a cloud-based service that is marketed to MSPs. There is no reason why in-house IT departments shouldn’t also use this system to manage their own corporate passwords. This business is part of ConnectWise, which is an IT infrastructure management systems provider and also produces a number of software platforms for MSPs. This password management system is bundled with a document manager and a configuration manager.
Key Features
- SaaS Tool for MSPs: A ConnectWise product
- Central Password Controls: Stores access passwords for client systems
- Document Management System: Stores sensitive documents in the secure vault
Why do we recommend it?
The main focus of ITBoost is its document manager and the password vault is designed to support that. Password services include a central administrator console, a password vault, and automatic password field population without disclosure. This system supports the creation of knowledge bases for use by end users and technicians.
The password manager enables an administrator to create and revoke user accounts on the network and company-wide. It also enables the system manager to reset passwords. The service includes a password vault and logs all access attempts for auditing and security purposes.
The main aim of the document management system linked to the password manager is the creation and management of knowledge bases. The service includes storage space and it is possible to store all types of files on cloud drives.
ITBoost Integrates with ConnectWise system management services: ConnectWise Control, ConnectWise Automate, and ConnectWise Manage. It also integrates with MSP RMM and PSA software produced by other providers, including Pulseway, SolarWinds, Atera, and Kaseya.
Who is it recommended for?
ITBoost is a product of ConnectWise and it is most compatible with ConnectWise remote monitoring and management (RMM) and professional services automation (PSA) systems. It is also compatible with N-able N-central, NinjaOne, Atera, and Kaseya VSA, among others. The target market sector for this product is managed service providers (MSPs).
Pros:
- User Self-Service Portal: Enables technicians to request access
- Allows for Internal and External Knowledge Base Articles: Help both staff and clients troubleshoot problems
- Client System Discovery and Documentation: Supports troubleshooting
Cons:
- Short Free Trial: The trial is only for 14 days
The services of ITBoost are available in three editions: Basic, Plus, and Premium. The password manager and access auditing features are included in all editions. ITBoost is available on a 14-day free trial.
4. IT Glue
IT Glue is very similar to both ITBoost and Passportal. It also combines password and document management and password management in one cloud-based package. IT Glue is marketed as a service for MSPs but could also be used by IT departments for in-house password management. This online service is a division of Kaseya, which produces system monitoring software, including RMM and PSA software for MSPs.
Key Features
- Cloud-Based SaaS Package: A product of Kaseya, which also has PSA and RMM services
- Password Vault: Can also securely store documents
- Built for MSPs: Integrates with other MSPs, including those created by Kaseya
Why do we recommend it?
IT Glue is very similar to ITBoost. Kaseya owns this tool. The main feature of this system is its documentation framework that will store guides and also let you create searchable knowledge bases with versions for users and for technicians. Password management relates to access controls for your document libraries.
This password manager is able to interface and synchronize with Active Directory, which makes it a great tool for those administrators who find the structure of AD confusing and its native interface unhelpful. The tool includes access tracking and there is a secure password vault stored on the cloud. Another great feature is the tool’s ability to identify at-risk accounts and warn the administrator to close them down.
An add-on to the basic IT Glue subscription is a system that can be accessed directly by clients of MSPs who would rather manage their passwords in-house. This is called MyGlue and it can be deployed by IT departments as a standalone package instead of IT Glue.
Who is it recommended for?
This system is designed for use by managed service providers. It has a multi-tenant architecture to keep the data related to each client separate. However, the system could also be used by IT departments for in-house documentation management. The system is compatible with Kaseya VSA and the RMMs of other providers, including ConnectWise and NinjaOne.
Pros:
- Works Well in MSP Environments: Also useful for IT departments
- Offers a Robust Library of Templates: Helps fast onboarding
- A Large Package of Tools: Available in three plan levels
Cons:
- No Free Trial: Get a demo
The charges for IT Glue are levied on a subscription basis per user per month. There are three editions of the service: Basic, Business, and Enterprise. Password management is included in all of them.
5. Hypervault
Hypervault is a cloud-based service. The tool oversees access rights for networks, devices, endpoints, servers, and applications. It is a good tool both for IT departments and MSPs.
Key Features
- SaaS Package: Suitable for managed service providers and IT departments
- Secure Password Vault: Strong encryption for the store and for data movement
- Also Stores Documents: Useful for secure file sharing
Why do we recommend it?
Hypervault provides a secure vault for passwords, documents, and other important business data. The Hypervault strategy over who holds passwords is a little different to the other services on this list because the scenario it works with gives control of the vault to the client, which would then pass credentials to MSP technicians.
The password management system is able to administer access rights for teams of any size. The relationship between users and resources can be mapped in a hierarchy, like in Active Directory. It is also possible to set up group access to resources. Hypervault is able to act as a unified front-end for the many different access rights systems that you probably have operating on your network right now.
The Hypervault package includes a library of templates. These are really mappings between the Hypervault password management system and another access rights system. By the mediation of the templates, many incompatible password management systems can be merged into the Hypervault management console. Any account creation or changes made in Hypervault get automatically rolled out to the relevant on-site access rights manager. All of the records set up in Hypervault are stored in a secured cloud-hosted password vault. All communications between Hypervault and the client’s site are encrypted and so is browser access to the system console.
The Hypervault password manager is able to impose a multi-factor access system on the resources that it protects. Access to the console itself can also be protected with two-factor authentication.
A useful feature of the Hypervault system is that it can be white-labeled, which means that you can put your company name and logo on the dashboard, all other interfaces, and all reports from the system.
Who is it recommended for?
This system is aimed at IT departments but it could also be used by managed service providers. Use cases that Hypervault proposes include the storage of social media profile credentials for marketing teams and the control of passwords for distributed teams that include remote workers.
Pros:
- Scalable Pricing: A subscription rate per user
- Access Security: Supports two-factor authentication
- Well Laid-Out Dashboard: A side menu gives access to each page of the console, each of which provides a separate function
Cons:
- The Vault is Held in the Cloud: It isn’t possible to host it privately
- Short Trial Period: Would like to see a longer trial period than 7 days
The subscription fees for Hypervault are charged per user per month. Accounts with larger numbers of users get a lower rate per user. There is also a discount of 10 percent that brings the price down for those companies that pay for the service annually in advance. The Hypervault system can be tested on a 7-day free trial.
6. Dashlane Business
Dashlane Business is a cloud-hosted password management system. Both the user interface and the management console is accessed through apps from different operating systems. This edition of the Dashlane password protection service is aimed at the management of passwords for teams.
Key Features
- A Cloud-Based Package: A SaaS platform
- Password Vault: Secure storage
- Password Management: Will generate complex passwords that users don’t need to see
Why do we recommend it?
Dashlane Business is a pure password management service – it doesn’t include a secure document manager like most of the other tools on this list. The system stores passwords in a secure vault for a business’s IT systems and a dashboard enables an administrator to create user accounts for access to each asset. Passwords are generated and not memorable.
Subscribers to the Dashlane Business service get a password vault and secure storage space, both hosted on the Dashlane servers. The cloud stage space that is included in the Dashlane plan is segmented per user and there is also business-wide storage space included.
Other features of the service include a password generator to create strong passwords with random characters. These long passwords are not memorable, and so the Dashlane user app will automatically fill in the password fields for the end-users of the system. System administrators can also choose to impose two-factor authentication for access to the network and other resources of the business. The Dashlane system will implement all of the necessary measures to carry out this policy successfully.
Dashlane Business monitors web pages and blocks infected or dangerous pages from loading into the browsers of the employees of the business. The combination of apps and secure browser monitoring makes access to the business’s resources secure from many different devices. The Dashlane app is available for Windows, macOS, iOS, and Android.
Who is it recommended for?
This is a good solution for any business. Even if you have users that are allocated to just a few assets, the system provides the passwords for access without the users seeing them. This improves security and prevents leavers from taking passwords to your system with them.
Pros:
- Confidential Credentials Distribution: Users don’t need to see or even know passwords
- Dark Web Monitoring: Scans for disclosed credentials on the Dark Web
- Password Rotation: Automatically renew passwords or replace them if credentials have been stolen
Cons:
- Not an MSP Tool: Doesn’t provide multi-tenant accounts
The service is charged per user per month and is available on a free trial.
7. Passbolt
Passbolt is available both on-premises and as a cloud service. There is also a free version of the on-premises software. The password system will cover all resources of the company including the network, servers, endpoints, and the applications that run on them.
Key Features
- Deployment Options: A SaaS platform or on-premises software for Linux
- A Free Edition is Available: This is the Community edition, one of the on-premises plans
- Active Directory and LDAP Integration: Available in the paid plans
Why do we recommend it?
Passbolt is a password manager and not a documentation store, so it is a close rival to Dashlane Business and ManageEngine Password Management Plus. The tool offers a cloud, SaaS option, which makes it similar to Dashlane and it is also offered as a software package, like the ManageEngine system.
The administrator’s console of Passbolt enables the creation of user accounts for individuals and also group access passwords.
Who is it recommended for?
Passbolt Community Edition is completely free to use for unlimited user accounts. This is only available in the self-hosted version and it is a standalone access rights manager. You need to take one of the paid editions to get integration with your existing ARM.
Pros:
- Secure Vault: Stores passwords and documents, possible to create user file spaces
- Mobile App for Access: Available for iOS and Android
- Access Security: Supports multi-factor authentication options
Cons:
- Not Available for Windows: The on-premises version runs on Debian or CentOS Linux
The free version of Passbolt is called Community. There are two paid versions, called Business and Enterprise. The charged-for editions of Passbolt have considerably more features than the free version. For example, Business and Enterprise Passbolt can synchronize with Active Directory and LDAP systems. Other useful tools in those two plans are multi-factor authentication, access logging, and system auditing.
The on-premises software installs on Debian and CentOS Linux. The system can also be operated on Windows through Docker virtualization. Passbolt Cloud is available on a 14-day free trial.
8. LastPass Teams
LastPass Teams is the business version of LastPass, the base version of which is aimed at individuals. The service is delivered from the cloud and centers on an administrator’s console. The management center of the password system is where the system administrator sets up user accounts. Those accounts can also be suspended or removed and their passwords can be reset.
Key Features
- Delivered from the Cloud: A SaaS platform with per-user pricing
- Central Password Management: Creates passwordless login for users
- Allows Password Sharing for Files: Shared folders can be created for projects
Why do we recommend it?
LastPass Teams is the lower of the two business plans offered by LastPass. This package is suitable for up to 50 users and the charge rate is fixed per user. Each user gets allocated a separate password vault and the system fills in password fields automatically.
Users are able to share passwords for specific files. Those files need to be resident on the secure storage space that is included in the LastPass Teams system. The storage area is kept secure with encryption as are all transmissions between the LastPass server and the networks of its clients.
Who is it recommended for?
LastPass Teams has a nice feature in that users don’t have to remember the master password to access the vault because the system provides an authentication app. The higher LastPass plan, which is called LastPass Business ads on single sign-on and multi-factor authentication capabilities.
Pros:
- Access Security: Multi-factor authentication
- Activity Auditing: Tracks and records logins and login attempts
- System Documentation Storage: For software licenses, hardware warranties, etc
Cons:
- Doesn’t Integrate with Active Directory: The administrator has to set up all user accounts manually
Businesses subscribing to the LastPass Teams service don’t need to install any software on-site. The console can be accessed through any internet browser. LastPass Teams is available in a 14-day free trial.
Selecting a corporate network password manager
Password management is an important task that shouldn’t be left to haphazard manual processes. Many systems administrators rely on spreadsheets to store user account information. Even for small businesses, that strategy just isn’t good enough. For one thing, any hacker discovering that file while exploring the resources connected to the network will instantly gain unrestricted access to all of the company’s data. Anyone that can get into a financial manager’s account will immediately get access to payment authorization functions and could clear out the company’s bank account.
Larger companies certainly need to invest in a password management system. Even just a password vault would be a good start. The tools on this list of recommended corporate and network password managers vary in functionality. Looking through the descriptions of these tools, you should identify one that includes all of the features that your company needs.
Take advantage of the free trials that many of the tools on our list offer. Once you get to see these tools in action, you will have a better idea of which is best for your company.
Business password manager FAQs
How do businesses manage passwords?
Password managers are becoming increasingly common in businesses because the demand for users to regularly rotate passwords and use different passwords for each application is unsustainable. It is impossible for a typical business employee to keep generating and remembering new, unique, and complex passwords. The user of password managers removes the urge for users to write down passwords, which can be particularly damaging if those plain text records are stored in files on a workstation.
What is a corporate password manager?
A password manager for business is the same type of system that is available for home users. A password vault requires one password for access but it stores many usernames and password pairs for many business applications, which includes SaaS systems on the cloud. A good password manager should also include an automated complex password generator. If passwords are too complicated to remember and are stored and instantiated in a format that the user can’t see, the business is protected against insider threats and the security risks presented by departing employees.
Do hackers use password managers?
Yes. Password managers are targets for hackers but the creators of these systems know that. The typical password manager stores passwords in a vault, which is encrypted and requires a password for access. Thetis makes automated, remote access to password vault contents impossible. However, these systems are susceptible to attack via rubber ducky devices. These are USB sticks that are identified as input devices and run keystroke scripts that emulate a real user.
Image: Password Mask from Pixabay. Public domain.