One of the most important facets of enterprise security is ensuring protection for all employee accounts. Password sharing methods play a critical role. When pressed for time, many users resort to sending unencrypted plain-text passwords via high risk channels like chat or email.
There are other ways to securely share passwords across teams throughout an organization—and writing it on a post-it note and leaving it on your co-worker’s desk is not one of them. Two recommended practices include:
Creating an audit trail.
With an audit trail, organizations are able to track the users who request passwords and the purpose for which they intend to use them, offering a way for organizations to discover potential password misuse. Additionally, being able to provide evidence of who has seen what in an organization is a compliance measure in known laws and frameworks.
Enforcing a strict need-to-know policy.
Giving users access to assets that are neither relevant nor useful to them on a daily basis only raises the risks for unauthorized access in the future. Limiting access to accounts and assets can help mitigate the probability of exposed sensitive data.
With an in-depth understanding of enterprise password challenges, Yubico ecosystem partner StoredSafe launched their own password manager, Password StoredSafe. It safely stores and shares enterprise passwords, as well as the critical information related to passwords, on a need-to-know basis and with a full audit trail.
All of StoredSafe’s solutions enforce two-factor authentication (2FA)—a testament to their commitment to password security. StoredSafe highly recommends the YubiKey and the YubiHSM for the strong hardware-backed 2FA protection they offer. With YubiKey 2FA enabled, unauthorized users cannot gain access to passwords and the enterprise secrets they protect.
“The YubiKey is the only hardware token StoredSafe supports since we integrated 2FA back in 2010. To further improve security, we have also incorporated the YubiHSM into our platform as a safe storage for all cryptographic keys. Both are easy to implement and empower our users to work independently from the internet and other networking services,” said Fredrik Soderblom, StoredSafe CEO.
StoredSafe continues to expand their product portfolio to help organizations meet and implement internal security policies around critical and sensitive information. Beyond their password manager, StoredSafe also offers 2FA StoredSafe for implementing two-factor authentication to existing IT infrastructures, Certificate StoredSafe for monitoring and holding certificate information, and File StoredSafe for securely storing confidential data.
Yubico is proud to highlight StoredSafe as part of an ongoing YubiKey ecosystem awareness program. Visit our Featured Solutions page to learn more about all the products and services that support the YubiKey.