Why Personal Password Vaults are an Important Security Feature of Business Password Managers

By Richard Anderson

When an organization implements a business-wide, vault-based password manager, personal password vaults can be seen as “a nice thing to have” rather than an important security feature. However, personal vaults can do a lot more to enhance security than they are given credit for.

When organizations evaluate vault-based business password managers, it is understandable that they prioritize security features such as zero-knowledge encryption, open-source software, administrative controls, policy engines, and audit logs. However, an increasing number of vendors are now also including free personal password vaults in their business plans.

Free personal password vaults are not included by accident. Anecdotal evidence suggests the implementation of a business password manager is much smoother within an organization when end users have access to personal password vaults in which to keep personal data – especially when personal vaults can be accessed via a variety of devices at home and in the workplace.

There is also evidence that the provision of a personal vault increases awareness of online security. This in turn changes security behaviors – both at home and in the workplace – which contributes to the development of a security culture. The security culture further raises awareness of online security, and the “virtuous circle” of enterprise threat prevention continues.


The Challenges of User Adoption

One of the biggest challenges of user adoption is that many employees don't see security in the workplace as their problem. A recent survey found that 48% of employees in the public sector believe their employer is responsible for securing organizational data. Implementing password managers that lack personal password vaults actually reinforces this belief.

Additionally, despite being the most effective way to generate, store, organize, and use complex passwords, only one-in-five Americans use a personal password manager according to the Security.org 2021 Password Manager Annual Report. The reasons given for not using a password manager (see below) demonstrate a lack of trust and a lack of knowledge about how they work.

The lack of trust can be exacerbated when organizations provide employees with personal password vaults incorporated into a business-wide password manager. This is because employees who don't understand how password managers work may feel their personal data is out of their control or have concerns their employer will be able to access their personal data.

Although organizations can enforce the use of a password manager for business credentials, it is important organizations also overcome the challenges of user adoption to smooth the implementation of the business-wide password manager, encourage employees to take greater responsibility for online security, and benefit from the ABCs of enterprise threat prevention.

Overcoming the Challenges of User Adoption

Overcoming the challenges of user adoption is not that difficult. By implementing a business-wide password manager, end users have access to personal password vaults whether they use them or not. If the Security.org report is correct, one-in-five employees will likely adopt the personal password vaults organically, while other employees will try them out of curiosity.

What organizations need to do is identify “champions” among their workforces who can spread a positive message about password managers, explain to other employees how they work, and help with tasks such as downloading browser extensions and mobile apps to make the personal password vaults more accessible. Thereafter, the rate of user adoption should increase.

Another key step organizations can take to overcome the challenges of user adoption is to enforce the use of two-factor authentication (2FA) to log into the password manager. This not only helps better secure business and personal password vaults, but also reassures end users that employers cannot access their personal data because they do not have access to 2FA codes.

One final step is to keep the benefits of using a password manager in the forefront of employees' minds. Organizations can do this by sharing news of attempted credential theft that has been thwarted by the use of a password manager – both personal and corporate – and credential thefts that have occurred when no password manager was in place to prevent them.

Business Password Managers with Personal Password Vaults

Most commercial password managers offer business plans that include personal password vaults – with some (i.e., Bitwarden, 1Password, and Dashlane) offering additional free family plans so end users can encourage other members of their families to embrace password best practices. With regard to other leading vendors' business plans, only Padloc, NordPass, and Zoho Vault fail to provide personal password vaults with business password managers.

To determine which business password manager might be most suitable for your organization, check out our password manager reviews via the right-hand sidebar. All our featured vendors offer organizations the opportunity to take advantage of a free trial before committing to a subscription, and it can be beneficial to use these trials to evaluate factors such as the user experience and the choice of extensions and apps that could help – or hinder – user adoption.


Richard Anderson is the Editor-in-Chief of NetSec.news