Password managers are no longer just password managers
They are evolving into more functional and multi-faceted platforms.
A little bit of history
Access to secret places or groups through a password and encryption appeared before our era. However, before the internet and computers, the average person did not have to memorise dozens or even hundreds of passwords. And if they did, they used notebooks (surely your parents still use them to store their logins and passwords).
And so, 27 years ago, Bruce Schneier came up with the idea of creating a digital password manager, because the internet had developed to the point where there was a demand for this technology.
The first password managers lacked functionality and the ability to store different types of data. Synchronisation between different devices had to be done manually. As a result, password managers were more likely to be used by so-called "computer geeks" and people who were well-versed in IT.
Unfortunately, survey data shows that the use of password managers has not yet become a mass practice (around 30% of internet users have them), but awareness of this type of software is already much higher.
The evolution of password managers
Modern password managers can hardly be called password managers anymore, as they have gone much further than just storing login+password pairs. Now in these applications you can store credit card data, bank account information, various IDs, licences, server access, email service settings, secrets and even passkeys. You can set up one-time password generation directly in a password manager and attach files, and some password managers offer an encrypted space for file storage. Some offer integrated web browsers or encrypted chat. And that's not the end of the list of extra features that vendors include to make their products stand out.
With all these bells and whistles, can we really call password managers password managers? This name has become a legacy. Perhaps some alternatives will soon be introduced, such as: universal credentials manager, personal data organiser, identity manager, access manager, digital safe, secure data vault and so on.
Data access and protection
Previously, the use of a login and password pair was considered sufficient protection, even for a password manager. This does not mean that the data was not encrypted. It just means that access was easy.
The modern encryption standard for password managers is AES-256. It is widely used, and you could even say that it would be bad form in the industry to use weaker encryption.
A very useful option, which is also becoming the gold standard, is to check the login and password for leaks (most commonly in the haveibeenpwned.com database).
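How such a leak check can run without the password ever leaving the device, as an added example that is not code from this article or from any vendor's product: it follows the range-query (k-anonymity) scheme used by the Pwned Passwords service behind haveibeenpwned.com, where the client sends only the first five hex characters of the password's SHA-1 hash and compares the returned suffixes locally. `CONSTRUCTED_CORPUS` and `fake_range_service` are constructed offline stand-ins for the real service.

```python
import hashlib

# Constructed stand-in for a breach corpus: password -> times seen in leaks.
CONSTRUCTED_CORPUS = {"password": 1000, "letmein": 50}


def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1, the form used in range responses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fake_range_service(prefix: str) -> str:
    """Server side of a range query (simulated): it only ever sees 5 hex chars."""
    if len(prefix) != 5:
        raise ValueError("range queries take exactly 5 hex characters")
    lines = []
    for pw, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_upper(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    # Padding entry with count 0, as a padded response would contain.
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines; malformed lines are skipped."""
    result = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            result[suffix.upper()] = int(count)
    return result


def breach_count(password: str, fetch_range=fake_range_service) -> int:
    """Return how often the password appears in the corpus (0 = not found)."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only `prefix` is handed to the service; the match happens locally.
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ("password", "letmein", "k7#Vq-unlikely-to-be-leaked"):
        print(candidate, breach_count(candidate))
```

Padding entries carry a count of 0, so they fall through to the same "not found" result as a missing suffix.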
It is also worth mentioning the variety of multi-factor authentication methods that protect the login in the password manager: biometrics, one-time codes, security keys (hardware tokens), smart cards, push notifications, etc.
Many password managers offer single sign-on (SSO) authentication, e.g. through a Microsoft or Google account, your company's Active Directory / LDAP, and many more.
Password management in companies and organisations
Any business has a lot of information that needs to be protected and also needs to provide different employees with the minimum set of credentials necessary to do their jobs. And an enterprise password manager is needed to organise and share passwords, as well as set and enforce security policies.
Of course, a password manager should not be a standalone application in an organisation's IT system. It should be able to integrate with enterprise systems such as Active Directory (or similar), Microsoft, Google or Amazon ecosystems, enterprise SSO solutions, perhaps even an SAP system.
In some cases, the integration is only for login via a corporate SSO, in others, it is possible to map user groups, roles and permissions to a password manager from a central system.
Is Passwordless an immediate threat?
Passkey technology has even been called the password killer. While passwords are still alive and widely used, passkeys are just beginning to take off. Currently, passkeys are supported by the latest versions of operating systems and some online services offer them as an authentication method.
Password managers are starting to adapt to the new reality, offering login with passkeys and passkey storage. So it looks more like adaptation and coexistence than the extinction of password managers.
What do we conclude with?
Although password managers have never gained the widespread popularity they deserve among private users, in the business environment these tools are a must. Modern legislation requires companies to store user data securely, and any data breach or leak can entail serious reputational and material costs.
The password manager PassSecurium™, developed by our company, is also an excellent tool for individuals and businesses to protect important data, including passwords.
You can try the free version or request a demo (for business subscriptions).
If you have any questions, please contact us and our specialists will be happy to answer them!