Password Manager Security

After all these well-publicized data breaches, the question arises: “Are Password Managers secure?”

The answer? Some are more secure than others (uh-oh!)

Use a highly ranked Password Manager to make your business more secure and fix the #1 hole in your business.

  1. Always use a Passphrase with your Password Manager software program.
  2. Always use Multi-Factor Authentication (MFA).

Password Manager settings and Company Policies

First, your Password Manager must support secure, encrypted Multi-Factor Authentication (MFA). MFA requires two or more factors before access is granted: your password plus, for example, a fingerprint or a one-time code sent to your phone by text message or by email.

Configure your Password Manager to require MFA, so that MFA is used every time you log in.

Back this up with a company Password Manager policy that requires MFA use by all your employees.

Ensure the company providing your Password Manager software demonstrates successful audits under two independent frameworks: SOC 2 and ISO 27001.

Zero-Knowledge and Encryption

Compliance Keeper Password Manager Security Business Pro™ is a highly ranked Zero-Knowledge Password Management solution. This means all information stored in the software is accessible only to the end user. All encryption and decryption is done in real time on your device. Data is encrypted both in transit, through Transport Layer Security (TLS)[i], and at rest on Keeper’s infrastructure (AES-256). This obeys Data Security Laws concerning encryption. The unencrypted (readable) version of the data is never available to Keeper Security employees or to any outside party. This obeys Data Security Laws concerning private information. The cloud component of the product exists purely to synchronize encrypted data and access controls. Keeper is truly dedicated to protecting customer data. In the unlikely event Keeper were hacked, Internet Criminals could obtain only the ciphertext, which is worthless without the keys held on your device. This obeys Data Privacy Laws.

With Compliance Keeper Password Manager Security Business Pro™, the master passphrase is converted using PBKDF2[ii] into a key that unlocks the data on your device. Each individual record stored in your vault is encrypted with an additional 256-bit Advanced Encryption Standard (AES)[iii] key that is randomly generated on your device. These layers of encryption ensure that even if a single record key were compromised, the exposure would be contained to that one record and the other records would remain protected. Experts call this limiting the “blast radius.”

Password Manager Requirements

  • Multi-factor authentication enforced.
  • Encryption standards enforced.

The safe and secure password storage for your business is a Business Grade Professional Password Manager. Every business needs Compliance Keeper Password Manager Security Business Pro™.

Our super-affordable package includes additional Security Audit and Breach Watch protection services.

Purchase for All Your Employees and Protect Your Business from the #1 Hole in Small Business Data Security.

FOOTNOTES

[i] Transport Layer Security is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible. The TLS protocol aims primarily to provide security, including privacy, integrity, and authenticity using cryptography, such as the use of certificates, between two or more communicating computer applications. It runs in the presentation layer and is itself composed of two layers: the TLS record and the TLS handshake protocols. The closely related Datagram Transport Layer Security is a communications protocol providing security to datagram-based applications. In technical writing, references to TLS are often seen when it applies to both versions. TLS is a proposed Internet Engineering Task Force standard, first defined in 1999, and the current version is TLS 1.3, defined in August 2018. (Source: Wikipedia)

[ii] In cryptography, PBKDF2 is a key derivation function with a sliding computational cost, used to reduce vulnerability to brute-force attacks. PBKDF2 is part of RSA Laboratories’ Public-Key Cryptography Standards series, specifically PKCS #5 v2.0, also published as the Internet Engineering Task Force’s RFC 2898. (Source: Wikipedia)

[iii] The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called ciphertext; decrypting the ciphertext converts the data back into its original form, called plaintext. The AES algorithm is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits. (Source: https://www.nist.gov/publications/advanced-encryption-standard-aes)