We have been hearing about the need to use strong passwords since time immemorial. But the fact is–it’s tough! Normal internet users have hundreds of logins (I have 202 and counting…), and setting ugly-looking long strings of passwords is the last thing one can do. An ordinary human can’t remember all those unique characters for each account. Besides, the old-school trick of writing it down isn’t a practical solution. The only way out is a password manager; if you aren’t using passwordless authentication, of course. For the first-timers, a password manager keeps track of your logins, generates strong passwords, has auto-fill, and many more features to make the internet easier and safer. But even after the appealing features offered in most utilities, only 31% use one at work: While personal safety is an individual issue, you shouldn’t let your business pay for your negligence. In addition, considering an on-premise password manager is the most secure option for any business. You don’t risk the credentials even if the password management company gets hacked. So we’ll discuss one such software, Passwork password manager, which can be deployed on-premises and in the cloud. Both the versions are pretty similar, but the self-hosted one is more feature-rich, and that’s the one we’ll review. Let’s get started.
Passwork: On-Premises Password Manager
Based out of Finland, Passwork can be deployed on Windows servers, Linux, and as a Docker image. You get detailed guidelines for the installation on supporting platforms. It comes with top-notch enterprise-friendly features like:
AES-256 EncryptionAuditable Source CodeRole-Based User ManagementComplete Activity LogTwo-Factor AuthenticationAD/LDAP IntegrationSAML SSO CompatibilityMobile ApplicationBrowser ExtensionsImport/Export in JSON/CSVPasswork APIDark/Light Themes
Further sections are about the hands-on testing of some of the features. This will help you decide whether Passwork fits your expectations.
Vault Creation & Sharing
The first thing you do as an administrator is to create a password vault. There are two types of vaults, Organization and Private. The Organization Vaults are managed by the admin of the password manager, which is also the first account to log in. Subsequently, the admin can assign similar or selected rights to other users as well for each of the vaults. Similarly, the vault admin can share a specific vault via a time-bound sharing link having restricted access with the Create link option, sitting at the bottom right in the preceding image. Adding users to the vault is also a few clicks process. You can invite multiple registered users by directly sending them an invitation or creating a link and sharing it with the group. However, the admin needs to make the user profiles (discussed later) before sending the invitation. In contrast, the Private Vaults are managed by the respective users. However, a user can share its Private vault with any other employee or the organization.
User Management
Another crucial section for any business is User Management. Based on your subscription, you can create up to 100 accounts in a single plan. This can be done with the Create users button. It takes you to enter the login username, role, email, and membership status. Subsequently, you get specific login credentials to share with the intended user. Additionally, you can create Roles and share registration URLs with Invites. The primary objective of assigning Roles is to make appropriate groups and manage permissions in one go for all the group members. Besides, this indicates the number of participants in each group and the vaults they have access to.
Password Import/Export
Password Import is another vital area if you’re migrating from another password management utility or starting afresh. In either case, you need to prepare the data in JSON or CSV. Similarly, Export data gives you a choice to download all the vaults together or selectively in JSON or CSV. However, you can directly import (or export) in any specific vault too. Just click on the horizontal ellipsis (shown by the arrow) and choose the option from the dropdown. One can also manually input a password entry using the + Add password button. The in-built password generator can use numbers, lowercase & uppercase characters, and special characters, collectively or separately. This also has provisions to set multiple usernames and passwords for the same URL in one go.
Security
Not just external entities but employees can also put the security of the institutions in jeopardy. So Passwork leaves it to the admins to practice best security practices as per the condition at hand. The first monitoring tool is the Activity log. This is given by the name History (hidden in the horizontal ellipsis) within each vault. Alternatively, the complete vault history is available in the Activity log in the left side panel. This section is very handy and gives each activity for every user in all vaults. Moreover, it logs admin activities like vault & user creation, password deletion & sharing, and practically everything that happens within the vaults. Notably, this will be visible only to the respective vault admins. The next set of options given under the head Passwork Settings allows for micro-level control on the vault creation, its contents, sharing, etc. For instance, the admin can enforce the use of two-factor authentication, regulate password sharing & vault creation by non-admins, use auto-logout, enable time-restricted API keys, etc. Another feature aimed toward safety is the Security Dashboard. In a nutshell, this tells you about overall password security. You can check the password strength and age to reset it accordingly. In addition, Passwork automatically marks passwords that were accessed by employees who were removed from the system. This allows you to very quickly restrict access to corporate services to dismissed employees. Ultimately, Passwork has given decent attention in the security section and has most of the features for all sizes of organizations.
LDAP/AD Integration
You can integrate Passwork with your corporate LDAP so users don’t have to remember one more password. The idea is to utilize the LDAP/AD directory for Passwork in lieu of setting up native login details. To turn this on, the first step is to set up an LDAP/AD server by clicking over Add server. Afterward, enter the server details, test, and save. Subsequently, you need to turn the toggle on to Enable LDAP authorization on the homepage of LDAP settings. One can also deactivate any server with just a toggle switch listed against each server name. Likewise, there is Debug sitting below the Add server, which lets you verify the LDAP/AD authorization.
SSO Settings
Single Sign-On (SSO) is to further simplify password management. Put simply, SAML SSO is about using a universal username and password combination for logging into a set of web applications. This again cuts the need to remember multiple credentials for each account. So this will be useful if you’re already using a SAML identity provider or planning to use one. To use SSO, you just need to configure the given details (as in the image) with your identity provider (IdP). This will ensure the users are given the option to log into the Passwork with the existing IdP. This works similar to social logins and is a hassle-free way of giving access to the intended users.
Passwork API
This is the fastest means to create or modify the vault contents. You can retrieve the API key from the API settings and use it for creating, updating, and fetching passwords from the vaults you administer or have access to. The API documentation listed on the sides (under the Manuals) is very detailed, and you get examples stating everything you can accomplish via the Passwork API. In addition, the JS connector is to simplify the integration with your existing infrastructure.
Browser Extension & Mobile Application
Passwork browser extension works with Chrome, Firefox, Edge, and Safari. Click the Settings and users at the top and find the Browser extensions under the CONNECT APPS. Subsequently, download the extension and enter the host address to make it functional. The browser extension lists all the vaults, has the password generator, and the vital features of the web application. You can use the extension with a pin to avoid using an authorization password every time. Besides, the extension user interface has the option for light and dark themes. Similarly, you can download the mobile application for Android and iOS. As of this writing, Passwork lays the need for your smartphone to access the hosting servers via LAN or VPN. After you download the mobile application, it asks for a QR code (from the desktop application) scan to gain access to the vaults. Unlike the browser extension, the mobile application is more powerful and tries to replicate the desktop experience on the smaller real estate. You’ll have access to the vaults and can use the collaborative features on the Passwork smartphone application, making it a perfect on-the-go password management utility.
Conclusion
So this was a brief hands-on with the self-hosted Passwork for business. The detailed documentation and the quick support made it really smooth for us. In addition, the demo account is perfect for gauging its strengths and suitability.