For a large enterprise, having a policy in place that requires end users to pick strong passwords is not that effective, or even sufficient under most compliance regulations. There's still a possibility that users will go against the policy and choose a simple password, or that your IT support staff will have to assist users routinely when they forget a strong password.
Instead, a password manager forces users to have strong passwords, creates a schedule to determine when passwords have to change, and includes an admin console for controlling passwords and access to key services within the company. These password management tools also work across multiple operating systems and on mobile devices.
1. Centrify Enterprise
A useful app in the IT security toolkit, Centrify Enterprise not only tracks password authentication attempts and records a log of attempted break-ins, but also monitors valid logins and can report on unusual activity (plus it tracks user activity). When there is suspicious activity, the tool can capture video of that activity. Like any good enterprise tool, Centrify can track and audit activity on multiple platforms including Windows, Linux, and UNIX servers. Reporting features include the ability to generate a user session report based on roles within a large company, and you can see a summary of all current logins across the entire enterprise.
2. LastPass Enterprise
One of the key benefits of using LastPass in the enterprise, especially for organisations that have to maintain data integrity and abide by strict compliance regulations, is that the password data is not accessible even to the LastPass admins. The app can use multi-factor authentication media like a thumb drive for better security, supports unusual browsers (like Dolphin on mobile devices), and can warn end users about weak passwords. The enterprise version manages employee on-boarding and off-boarding, generates a security "score" for your company, and supports policies like restricting access to a specific mobile device platform.
3. RoboForm Console
The enterprise-grade version of RoboForm includes a site license to store and manage all passwords used in the company, a full admin console for managing users and departments (including role-based groups), and advanced reporting that meets regulatory compliance requirements. The admin console can be used to generate a password that is valid only for a set time period until it expires, or one group password that tracks activity for that department. When there is a group password, the end user in that department won't know the password but will log in only as part of the group. Admins can also set up a password reset policy that is deployable through SMS to smartphones. The app includes extensions for use in IE, Chrome, and Firefox.
4. BeyondTrust PowerBroker Password Safe
With all of the auditing and session logging capabilities an enterprise needs, PowerBroker Password Safe goes beyond managing passwords and forcing end users to create strong passwords. The tool syncs with LDAP and Active Directory to provision users automatically, works with hardened appliances that use government-level security based on the FIPS 140-2 standard, and has a full reporting module for tracking login attempts and session activity. The reports can be used for regulatory compliance issues in case of a breach attempt.
5. Keeper for Groups
With 256-bit encryption and PBKDF2 key generation, Keeper for Groups is a high-end app for multi-user environments in a large company. There's a browser-based admin console for the IT staff to manage credentials, and the app runs on every mobile device imaginable, including smartphones and tablets on both Windows and Android platforms. Your admin team can track and manage all users, monitor which devices and OS platforms have gained access (and control access from those platforms), and track permissions to company services.
6. Dashlane 2.0
Not specifically designed for enterprise use, Dashlane encourages strong security because the tool is so easy to use. End users create one master account and then use the app on multiple browsers and mobile devices. The tool uses AES 256-bit encryption and, like any enterprise-grade password manager, does not store any of the passwords in a database that's accessible to any of the Dashlane admins. Using Google Authenticator, end users can add two-factor authentication beyond the master password. The main benefit is that Dashlane is a popular and highly usable tool, which means end users are more likely to keep using it to protect sensitive data and prevent hackers from breaking into their accounts.