How the best businesses manage business passwords

By 1Password

Most businesspeople know that password management is one of the most important aspects of cybersecurity. It doesn’t matter if you work in a coffee shop or a multibillion-dollar consultancy firm – you need secure passwords to protect your accounts from hackers, phishing, and data breaches.

But how do you create and manage strong passwords for your business? What do you do when you have a few or a few thousand employees who need access to company resources, corporate accounts, databases, and more? And what happens to those passwords and user credentials when collaborators leave the company?

Business password management is about much more than just creating, storing, and autofilling passwords. It’s also about sharing passwords securely, efficiently, and in a way that keeps information on a strictly need-to-know basis.

In this blog post, you’ll learn why businesses need strong password management software, how businesses typically manage passwords, how password managers help security teams, and the best security solutions to manage business passwords.

You’ll also learn some best practices to create a security culture among your teams and the benefits of using 1Password as your business password manager.

Why password management is important for every business

Businesses face many challenges when it comes to password management. Some of these challenges are:

  • Password reuse: According to a study by HYPR, 72% of people reuse passwords despite being aware of the risks. When forced to update work-related passwords, half of employees simply add or change a single letter or number. This makes it easy for hackers to access multiple accounts with one compromised password.

  • Weak passwords: Many employees use simple or predictable passwords, such as 123456 or their name or birthday. One in five people use a password with the word “password” in it. It’s possible for hackers to guess or crack these passwords using brute force or dictionary attacks.

  • Password sharing: Many employees share passwords verbally, via email, or on sticky notes. These insecure methods can expose passwords to unauthorized users and make it hard to track who has access to what.

  • Password sprawl: A study revealed that almost 40% of employees have to manage more than 50 passwords for different accounts. Without a password manager, it’s hard to remember all the passwords, leading to password fatigue and frustration or reuse.

  • Password compliance: Many businesses have to comply with various regulations and standards, such as GDPR, HIPAA, PCI-DSS, or ISO 27001. These require businesses to implement strong password policies and practices, like minimum length, complexity, and encryption.

These challenges can have serious consequences for businesses:

  • Data breaches: Globally, almost 50% of all data breaches in 2023 involved weak, stolen, or reused passwords, with that percentage reaching over 80% in the case of basic web application attacks (BWAAs).

Data breaches can result in financial losses, reputational damage, legal liabilities, and customer churn. According to IBM, each data breach cost companies an average of $4.45 million in 2023, a 15% increase over the last three years.

The research found that while most breaches caused by external actors were financially motivated, espionage was the second leading cause. Therefore, breaches can also lead to important losses of intellectual property, particularly among large enterprises.

  • Productivity loss: The average worker spends 12.6 minutes per week entering or resetting passwords, adding up to 11 hours of lost productivity per year per employee. These lost hours can be worth $3.3 million per year for a company with 10,000 employees.

  • Employee dissatisfaction: People don’t like having to remember passwords, and it can cause them a great deal of stress. According to identity management firm Beyond Identity, 39% of Americans experience high password fatigue. Password-related stress can affect employee morale, engagement, and performance.

To overcome these challenges and consequences, businesses need strong password management software that can help team members create, store, share, and manage passwords securely and efficiently.

How effective businesses typically approach password management

The way businesses typically manage passwords depends on the size of the organization, leading to two levels of common cybersecurity practices: enterprise security and small business security.

Enterprise security

Enterprise security refers to the password management practices of large organizations with thousands of employees, multiple departments, and complex IT infrastructures.

Enterprise security usually involves:

Centralized password management

Enterprise security teams use a centralized password management system to create and manage user accounts and passwords for the entire organization.

A screenshot of 1Password showing an admin's dashboard.

This allows them to enforce password policies, assign roles and permissions, and monitor password activity.

Single sign-on (SSO)

Enterprise security teams also frequently use a single sign-on system, such as Okta or Microsoft Entra ID, to allow employees to access multiple applications and services with one login credential or master password.

This reduces the number of passwords employees have to remember and manage, streamlining the user experience and improving security.

Multi-factor authentication (MFA)

Accessing multiple accounts with one password can be risky. That’s why enterprise security teams often use a multi-factor authentication system, like Duo or Authy, to add more security to the login process.

This requires employees to provide:

  • Something they are (such as a fingerprint or a face scan).
  • Something they have (such as a smartphone or a token).
  • Something they know (such as a password).

Small business security

Small business owners tend to think hackers only target large organizations, so cybersecurity can sometimes fall by the wayside.

This makes typical password management practices of small and medium-sized businesses simpler and less effective than in large enterprises.

Small business security usually involves:

Manual password management

Small business owners and employees use manual methods to create and manage passwords, such as writing them down in a notebook or on sticky notes or storing them in spreadsheets or simple text files on their devices.

These methods can be insecure, inefficient, and prone to human error.

Use of personal password managers

Some small business owners and employees use free password managers like the ones built into the Chrome, Safari, Edge, or Firefox browsers. Others rely on personal password managers to create and store passwords for their personal and professional accounts.

While these password managers are convenient, they’re not designed for business use and don’t offer features such as team sharing, policy enforcement, or audit logs.

This makes keeping track of your cybersecurity on a company-wide basis a challenge. It also hinders your ability to discover, contain, and prevent data breaches.

No password management

Some small business owners and employees don’t use any password management system at all. They rely on their memory or intuition to create and remember passwords.

This is the worst practice, as it exposes them to the highest risk of password compromise and data breaches. It also leads to frequent password resets caused by forgotten passwords.

How password managers help security teams

Password managers are software applications that help users create, store, share, and manage passwords securely and efficiently. Enterprise or business password managers are custom-tailored for teams with company security, convenience, and productivity in mind.

Password management solutions can help security teams in various ways:

Strong, unique passwords

Strong passwords are long, random, and different for every account and website. A strong and unique password is hard to guess or crack and prevents the domino effect of one compromised password affecting multiple accounts.

Here’s a great example of a strong password:

A password generated by the 1Password password generator.

Security teams should monitor the password strength and uniqueness of their team members, groups, and guests and ensure credentials are updated if they’re ever exposed.
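The following is an added example, not 1Password's code or any product's API: a small audit that flags the reuse, weak-password, and single-character-rotation patterns listed earlier in this post. The record layout, `MIN_LENGTH`, the word list, and every sample password are constructed assumptions, and the check is assumed to run where the plaintext is already available (for example, on the client at change time).

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

MIN_LENGTH = 12  # assumed policy value, not taken from the post
COMMON = {"123456", "password", "qwerty", "letmein"}  # tiny constructed word list

# Constructed records: (user, account, current_password, previous_password)
SAMPLE = [
    ("alice", "crm", "Harbor-Lamp-2023", "Harbor-Lamp-2022"),
    ("alice", "payroll", "Harbor-Lamp-2023", None),
    ("bob", "wiki", "123456", None),
    ("bob", "mail", "MyPassword#2024x", None),
    ("carol", "vpn", "v9$Tq2!mZx7&Lr4@pW", "h3#Kd8^nBy1*Fs6%cQ"),
]


def within_one_edit(a, b):
    """True if b equals a or differs by one insert, delete or substitution."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]  # one substitution at position i
    return a[i:] == b[i + 1:]          # one extra character in b at position i


def is_weak(password):
    """Too short, on the common list, or containing the word 'password'."""
    low = password.lower()
    return len(password) < MIN_LENGTH or low in COMMON or "password" in low


def audit(records):
    """Return sorted (user, account, issue) findings without echoing plaintext."""
    # Reuse is detected on keyed fingerprints; the key lives only for this run,
    # so the fingerprints are useless to anyone who later sees the report data.
    key = secrets.token_bytes(32)
    holders_by_fp = defaultdict(list)
    findings = set()
    for user, account, current, previous in records:
        fp = hmac.new(key, current.encode("utf-8"), hashlib.sha256).digest()
        holders_by_fp[fp].append((user, account))
        if is_weak(current):
            findings.add((user, account, "weak"))
        # A forced update that changes a single character is flagged.
        if previous is not None and within_one_edit(previous, current):
            findings.add((user, account, "trivial-rotation"))
    for holders in holders_by_fp.values():
        if len(holders) > 1:
            for user, account in holders:
                findings.add((user, account, "reused"))
    return sorted(findings)


if __name__ == "__main__":
    for user, account, issue in audit(SAMPLE):
        print(f"{user:6} {account:8} {issue}")
```
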

Thankfully, a password manager makes it simple for employees to create, store, and use strong passwords for all of their work accounts.

Effective businesses will roll out their password manager to everyone. They’ll pre-install the app or invite new employees to create an account as part of their onboarding.

They’ll also provide training to new and existing employees.

Provisioning and access management

Password managers provide an infrastructure that allows security teams to easily create and manage user accounts and manage user and system access to various resources and sensitive data. This type of work is called provisioning in the IT industry.

With a password manager, security teams can follow security best practices related to provisioning like the following:

  • Create new user accounts and new passwords.
  • Manage passwords centrally.
  • Generate strong passwords.
  • Share passwords securely.

For example, 1Password has vaults (these work a bit like folders) and groups. Admins can sort employees into different groups (either by level, department or something else) and then assign access to appropriate vaults.

A screenshot of the Groups section of 1Password.

Many password managers, including 1Password, will also integrate with SSO solutions.

This allows admins to automatically mirror their employee groups between their SSO and password manager.

For example, if an admin adds a new employee to a ‘Finance’ user group in their SSO tool, the employee is automatically added to the ‘Finance’ group in their password manager.

Secure sharing

As mentioned previously, teams often require shared access to company accounts, platforms, and resources when collaborating. Sharing passwords and data is therefore necessary, but it can also expose them to unauthorized or malicious access.

Security teams should use and encourage others to use secure and encrypted channels to share passwords and data with their team members instead of writing them down on paper or sending them through email or text messages.

For instance, a social media team manager might create an account for a hot new service and then want to share that with the rest of their social media team.

A password manager gives them the ability to do just that.

A mobile phone showing a message that someone has shared an item with you via 1Password's item sharing.

Effective businesses train their workforce on how to do this, including best practices, so that they can work securely on their own.

Policy management

Password managers allow security teams to enforce password policies and practices for their teams and organizations by allowing them to:

  • Set password requirements: Security teams can set password requirements, such as minimum length and complexity for their user accounts and passwords and ensure they comply with industry standards and regulations.

  • Enable password features: Security teams can enable extra password manager features like seamless integration with their SSO provider, multi-factor authentication, biometric authentication, and emergency access for user accounts and passwords.

  • Customize password manager settings: The best enterprise password managers let security teams customize account and password settings, such as password visibility, autofill, and password management permissions, and optimize their user experience and productivity.

Security alerts

It takes businesses an average of 73 days to contain a data breach once they know it happened, but it takes them 204 days to realize they were breached in the first place.

Password managers will monitor user passwords and flag password-related security issues, allowing security teams to respond promptly to prevent or contain the situation.

With a business password manager, security teams can:

  • Generate security reports
  • Conduct security audits
  • Receive security alerts

These alerts allow admins and employees alike to address potential problems before they cause security incidents.

A screenshot of Watchtower in 1Password for Mac.

Secrets management

Finally, modern password managers go beyond securing passwords. The best ones also protect and help manage other company secrets, like API keys, SSH keys, passkeys, certificates, tokens, credit card numbers, and other sensitive information.

Password managers help security teams:

  • Store secrets securely: Security teams can store secrets in encrypted vaults and protect them with strong passwords, multi-factor authentication, and biometric authentication.

  • Share secrets securely: Teams can share secrets with their team members or external collaborators using secure end-to-end encryption and permission-based access.

  • Manage secrets centrally: You can manage all the secrets in your organization from a central dashboard, where you can view, edit, delete, or export secrets as needed.

Comparing five security solutions

There are many password managers available in the market, but not all of them are suitable for business use. Even those that do offer business plans may have varying levels of security and offer different features.

To help you choose the best password manager for your business, we evaluated five security solutions to manage business passwords based on their features, plans, and pricing.

1Password

1Password is the best overall password manager for businesses. It offers a complete and powerful solution that combines security, convenience, and control.

A mobile and a tablet device running the 1Password app.

1Password Business is trusted by over 100,000 businesses worldwide, including household names like IBM, Slack, PagerDuty, Shopify, and Intercom.

Features

1Password Business has a rich set of features that make it easy and secure for IT teams to manage business passwords, such as:

  • Password generator: 1Password can create strong and unique passwords for every account using a customizable and random combination of letters, numbers, and symbols.

  • Security and encryption: 1Password uses a zero-knowledge security model based on AES-256-bit end-to-end encryption and the Principle of Least Privilege. The former means that only the user can decrypt and access the data; not even 1Password can.

  • Secret Key: Besides an account password, you need a Secret Key that’s only stored on your devices to open your 1Password account. That means no one can access your private data even if they break into 1Password’s servers.

  • Authenticator app: You can use 1Password as an authenticator app for apps and websites that offer two-factor authentication (2FA).

  • Synchronization: 1Password Business syncs all passwords and data across all devices and platforms, such as Mac, iOS, Windows, Android, and Linux, as well as the Chrome, Firefox, Edge, Brave, and Safari browser extensions or add-ons.

  • Offline access: 1Password Business also supports offline access, which means that users can access their passwords and data even without an internet connection.

  • Sharing: 1Password Business allows teams to share passwords and data securely and easily with other team members, groups, or guests using vaults. IT managers can assign different permissions and access levels for each department, project, or client and share it with the relevant team members, groups, or guests, with full, edit, or view-only access.

  • Auditing: 1Password Business enables security teams to monitor and audit their team members’ passwords and data activity using reports and logs. Reports and logs provide detailed and actionable insights into password and data usage, such as who accessed, modified, or shared what, when, where, and how.

  • Reporting: 1Password Business allows security teams to generate and export various reports and statistics on their password and data management, such as password health, security score, activity history, and breach alerts. These reports and statistics can help security teams measure and improve their password and data security and demonstrate compliance with industry standards and regulations, such as GDPR, HIPAA, and PCI DSS.

  • Passwordless access with passkeys: 1Password can create, store, and manage passkeys for passwordless access to websites and apps that support the FIDO2/WebAuthn standard.

  • Integrations: 1Password Business integrates seamlessly with other tools and platforms that security teams use, such as Active Directory, Okta, Microsoft Entra ID, OneLogin, Ping, Yubikey, Duo, and more. These integrations enable security teams to automate and streamline their password and data management workflows, such as provisioning, de-provisioning, authentication, and notification.

  • Travel mode: Protects your privacy when crossing the border by temporarily removing sensitive data from your device as you go through customs.

Plans and pricing

1Password offers three plans with varying functionality for businesses of different sizes and with different needs: Teams, Business, and Enterprise. All plans come with 1Password’s Watchtower and Travel Mode.

Here’s a summary of the different plans and their price structure:

Teams Starter Pack

  • $19.95 per user, per month (for up to 10 users)
  • Unlimited shared vaults and items
  • 1 GB document storage per user
  • Two-factor authentication
  • 10 included users
  • Unlimited shared vaults
  • Manage permissions for shared vaults
  • Help others recover their account
  • 5 guest accounts for limited sharing
  • Admin controls
  • Basic reporting
  • Email support
  • Built-in risk detection
  • Selective sharing
  • Friendly, 24/7 expert support

Business

  • $7.99 (per user per month)
  • All Teams features, plus:
  • Custom roles and groups
  • Advanced reporting
  • Activity log
  • VIP support
  • Free family accounts for all team members
  • SSO and automated provisioning
  • Customizable policies
  • Integrate with your identity provider
  • Stream events to your SOC and SIEM tools

Enterprise

  • Custom pricing
  • All Teams and Business features, plus:
  • Customized setup and onboarding
  • Dedicated account manager
  • Enhanced security and compliance
  • Custom terms of service and SLA
  • Onboarding engineer

The Teams Starter Pack offers the best value in the industry for teams of up to 10 members plus up to five guests.

If you have more than 10 team members, you should switch to the Business plan. While the cost to businesses does increase, it’s still more affordable than the best competitor after adding all the included features that make 1Password Business the best choice for large teams.

LastPass Business

LastPass is a popular password management tool for both personal and business use.

LastPass offers a free personal account, albeit a very limited one. However, it could be a good option for smaller teams that don’t require business features like sharing, auditing, and others.

Over 100,000 businesses worldwide, including Yelp and Hootsuite, use LastPass Business.

Features

LastPass Business has a user-friendly and intuitive interface that makes it easy for security teams to manage business passwords, with features such as:

  • Password generator: Creates strong and unique passwords for every account and website.

  • Encryption: LastPass encrypts all passwords and data with AES-256-bit encryption and end-to-end encryption.

  • Synchronization: You can sync passwords and data across devices and platforms with offline access.

  • Sharing: LastPass allows security teams to share passwords and data with other team members, groups, or guests.

  • Auditing and reporting: LastPass enables security teams to monitor and audit the password and data activity of their team members, as well as generate and export various reports and statistics on their password and data management.

  • Integration: LastPass integrates with other tools and platforms, such as Active Directory, Okta, and Azure AD.

  • Optional SSO and MFA add-ons: With LastPass, only the top-tier Business plan offers single sign-on (SSO) and multi-factor authentication (MFA), but they’re paid separately as add-ons.

Plans and pricing

LastPass offers two plans for businesses of different sizes and needs:

Teams

  • $4.00 per user per month (up to 50 users)
  • 50 users or less
  • Private vault for every user
  • Passwordless login
  • Unlimited shared folders and items
  • Multi-factor Authentication (MFA)
  • Security Dashboard
  • Dark web monitoring
  • 2FA and MFA support

Enterprise

  • $7.00 per user per month
  • All Teams features, plus:
  • Unlimited number of users
  • 3 SSO apps with MFA
  • LastPass Families for employees
  • Library of pre-integrated SSO apps
  • 100+ customizable policies
  • Customizable user management
  • SSO and MFA add-ons available ($2 per user per month each)

In terms of price and features, LastPass makes the most sense for medium-sized teams of more than ten employees that don’t require advanced security features like SSO and MFA.

For teams of ten or fewer employees, 1Password offers far more features and more competitive pricing with its Teams Starter Pack.

But if you’re looking for the most features for your team, 1Password’s Business plan is the best and most cost-effective choice for teams of all sizes.

NordPass

NordPass is developed by Nord Security, the team behind NordVPN, one of the world’s leading VPN providers.

Features

NordPass has a simple and intuitive user interface that makes it easy for security teams to manage business passwords. Besides a password generator, password synchronization, and item sharing, some of its top features include:

  • Encryption: NordPass for Business encrypts all passwords and data with XChaCha20 encryption, a modern and secure algorithm that’s faster and more efficient than AES-256.

  • Activity Log: This is NordPass’ auditing and reporting tool.

  • SSO: NordPass offers single sign-on through Google Workspace, Entra ID, Microsoft Active Directory, and Okta.

  • NordPass Authenticator: You can use NordPass as an authenticator app to get time-based one-time passwords (TOTPs) for 2FA.

  • Group management: This feature lets users create groups where all members share the same access permissions.

Plans and pricing

NordPass offers three plans for different business sizes and needs: Teams, Business, and Enterprise. Here’s a summary of the different plans and their price structure:

Teams

  • $1.99 per user per month (-10% for a 2-year plan, up to 10 users)
  • Company-wide settings
  • Google Workspace SSO
  • Admin panel
  • NordPass Authenticator
  • Activity Log
  • MFA
  • Account recovery
  • 24/7 support

Business

  • $3.99 per user per month (-10% for a 2-year plan, 5 to 250 users)
  • Everything in Teams, plus:
  • Security dashboard
  • Group management

Enterprise

  • $5.99 per user per month (-10% for a 2-year plan)
  • All Teams and Business features, plus:
  • Unlimited users
  • SSO with Entra ID, MS ADFS, and Okta
  • User and group provisioning via AD
  • Shared folders
  • Dedicated account manager
  • Face-to-face onboarding services
  • 24/7 Premium support

NordPass also offers a 14-day free trial for all plans. All plans offer a 10% discount if you commit for two years.

This takes the Teams plan down to $1.79 per user per month, and the same goes for Business and Enterprise plans. However, none of NordPass’ subscription options offer as many password management features with the same level of security as 1Password.

While a 1Password Business account costs $2 more than the NordPass Enterprise plan, the former comes with a complimentary Families plan for each employee, a value of $5 per user.

NordPass doesn’t offer this complimentary service, so you get much more value from 1Password for you and your team.

If you’re looking for a no-frills password management solution for your company and want the lowest possible price, NordPass is a good option. However, if you want more out of your password manager, 1Password is a smarter choice.

Alternative options

There are two other popular password managers that businesses may consider: Dashlane and Bitwarden.

Dashlane for Business

Dashlane for Business is used by over 22,000 businesses worldwide, including Air France and Sephora.

Dashlane has a user-friendly interface and offers dark web monitoring, among other features. One of its key differentiating features is its bulk password changer, which allows managers to automatically update hundreds of passwords at the same time.

It offers three plans: Starter, Business, and Enterprise.

  • The Starter plan costs $20 per month for 10 users and includes unlimited passwords, secure sharing, and dark web insights.

  • The Business plan costs $8 per user per month and adds unlimited seats, SSO integration, SCIM provisioning, activity logs, policies, and a free Friends & Family plan for all users.

  • The Enterprise plan has custom pricing and adds a dedicated customer success manager, an onboarding customer support specialist, and an onboarding technical engineer. It doesn’t offer passwordless login for business accounts or SSO integrations for Teams starter accounts.

Bitwarden for Business

Bitwarden for Business is a password manager that offers end-to-end encryption and seamless SSO integration.

The product is developed by a community-driven and independent company that works on open-source security, making it one of the only open-source password managers for businesses in the market.

It offers two plans: Teams and Enterprise.

  • The Teams plan costs $4 per user per month, including premium features, unlimited sharing, API access, event and audit logs, and organization two-step login.
  • The Enterprise plan costs $6 per user per month and adds SCIM support, custom roles, policies, passwordless SSO integration, account recovery administration, a free Families plan for all users, and a self-host option.

However, Bitwarden for Business doesn’t offer secrets automation like 1Password does.

Creating a security culture among teams

Using the best enterprise password management solution doesn’t guarantee you’ll be able to avoid a data breach. Nothing can completely shield you against human error and bad security practices.

Managing business passwords isn’t only a technical challenge but also a human one. Security teams must ensure that their team members, groups, and guests follow the best practices and policies for password and data security and create a company-wide security culture.

Security culture is the set of values, beliefs, and behaviors that promote and support security awareness and responsibility among team members.

A strong security culture fosters security best practices across an organization, helping security teams prevent and mitigate password and data breaches and protect their business assets and reputation.

Effective businesses build this culture in a few different ways:

1. Get buy-in from the top

Einstein was once quoted as saying: “Setting an example is not the main means of influencing others; it is the only means.” You’ll be hard-pressed to foster a strong security culture in your organization if your security leaders don’t walk the talk.

Security and IT managers should demonstrate good security practices and behaviors to inspire and influence their team members, groups, and guests to follow suit.

2. Provide employees with the tools that make it simple to be secure

As we’ve seen so far, using a password manager to its full potential is the best way to foster security best practices like creating unique, strong, random passwords for every business and personal account each team member uses.

It also helps IT and cybersecurity managers set and enforce adequate password policies, monitor compliance, and handle the provisioning of hundreds to thousands of users with ease.

3. Provide plenty of employee education and training

Security teams should educate and train their team members, groups, and guests on the importance and benefits of password and data security and the risks and consequences of password and data breaches.

They should develop and communicate robust security policies around password creation and usage and other security best practices.

Security teams should also provide clear and easy-to-follow guidelines and instructions on how to use the password manager and other tools in your business’ security stack and how to create, store, share, and update passwords and data securely.

4. Give people a voice

Communication and collaboration with team members, groups, and guests on password and data security are paramount to a strong security culture. It’s important for IT and Security teams to create a feedback loop and a learning environment where everyone knows where and who to ask for guidance in case of security issues.

Security teams should also use various channels and methods to deliver security messages and training, such as email, chat, video, webinars, podcasts, newsletters, and gamification.

5. Enforce and monitor

After setting the groundwork and the rules, enforce those rules and monitor to ensure everything is working as expected.

Security teams should monitor the compliance and performance of their team members, groups, and guests on password and data security, using password managers and other security tools.

6. Evaluate and improve

Password and data security policies and practices aren’t static documents. Rather, they’re living, breathing security assets that should be updated regularly. New cybersecurity threats arise every day, such as the widespread use of AI in business settings.

According to the Salesforce Generative AI Snapshot Research Series, almost three-quarters of full-time employees across different industries believe generative AIs like ChatGPT and Bard pose new security threats to corporate data. Your security culture and practices should evolve to keep up.

Bolster your security with a business password manager

Using a password manager like 1Password Business can bring many benefits for security teams and their businesses, such as:

  • Improved security: 1Password Business encrypts passwords and data and helps security teams use strong passwords for every site, reducing cyberattacks.

  • Increased productivity: 1Password Business syncs and fills passwords and data across devices and platforms and lets users access them offline without remembering or typing them.

  • Enhanced collaboration: 1Password Business lets users share passwords and data securely and easily using different options with different access levels and connects with other tools and platforms.

  • Simplified management: 1Password Business gives security teams an admin console where they can manage different options, control access levels, track password and data activity, produce reports and statistics, and enforce password policies and best practices.

  • Reduced costs: 1Password Business offers flexible and clear pricing plans, value for money and return on investment, free family accounts for users, and discounts for nonprofits and educational institutions.

1Password Business is the best password manager for businesses. It’s trusted by over 100,000 businesses worldwide because it offers a complete and powerful solution combining security, convenience, and control at a manageable price.

Are you ready to take a proactive approach to protect your business from bad actors? Sign up for 1Password Business today.
