10 Features MSPs Should Look For in a Password Management Tool

Walls and locks can be built very strong, which is why the weakest link in security tends to be a human being. Defenses are easily compromised when someone leaves the door wide open – or worse, willingly lets in an intruder. 

This is no less true in cybersecurity situations when someone clicks a phishing email or sets a weak password. As a general rule, people tend to be easier to bypass than firewalls and security software. MSPs know the dangers of social engineering and leaked credentials, as well as the risk they pose to their clients and their own reputations.  

Password hygiene (doing all of those things cybersecurity experts keep mentioning, like not reusing passwords) is more important than ever to Managed Service Providers. 

But unique, complex passwords can be quite a hassle when you hold several dozen accounts with credentials that you need to remember. It would be hard enough to memorize a single string of 15 random letters and numbers, but ten, fifty, or a hundred strong passwords? That could drive someone over the deep end. 

This is even more daunting for IT providers who are managing hundreds or thousands of endpoints. Fortunately, there is a better way for MSPs to help their clients stay safe.

So if creating a strong, unique password for each of your accounts is so difficult, how can anyone be expected to do their part? That’s where a password manager steps in. 

There are many beneficial features of a password manager. Password managers not only store and input passwords for you, they can create those strong passwords and even protect other sensitive digital information. By securely storing your passwords in an encrypted password vault, these tools remove 99% of the memorization from the task of password hygiene. (You still have to remember your master password, but that’s much better than memorizing hundreds.) Most password managers also have features that sync information across several devices, making automatic logins easy while keeping all of your devices safer. 

There are several options out there for password managers, which of course means that some will suit you better than others. Personal preference might come into play, but there are certain standard features you should consider before choosing your password manager. We’ll discuss ten of the most useful features of a password manager below.

Support for various platforms is both a matter of convenience and overall usability. It’s important that you’re able to access your password vault regardless of what OS or device you’re using at the time. 

A password manager should support the four major platforms at the very least: Windows, Android, iOS, and Mac OS. This will cover the needs of the vast majority of users.  

Beyond device operating systems, you may want to choose a password manager with browser extensions on major browsers. Because so many logins happen through a web browser, this makes it much easier to use the password manager seamlessly.  

Arguably one of the best features of a password manager: the secure password generator. Password generators make it easy to create strong, unique passwords that are practically impossible to crack. Since the password manager will be doing the hard work of remembering these passwords, you’re free to use all of the best practices for password creation so that they’re long, use mixtures of characters, and impossible to guess based on how much someone knows about the user. This is especially important when you consider the ready availability of cracking software (Brute-Force Hacking Tools are sold online for less than the cost of a latte). 

Password generators usually have customization options for specifying the length and composition of a generated password just in case the account has special requirements or limitations for the password they’ll allow.  

Smartphones, tablets, home and work computers…  

Automated syncing is essential in a world where we always seem to be switching devices. With cloud-based syncing, you can switch to another device and have all of the updated login information waiting in your vault. 

This is a feature found on most major password managers, but it’s worth noting that some intentionally do not use the cloud and instead store passwords locally on the device. These managers are generally not able to sync between devices.  

Since you’re storing login credentials for all your accounts, security is an obvious concern. The best password managers address this by using encryption protocols to ensure your data stays securely out of the wrong hands. 

Look for AES 256-bit encryption, the Department of Defense standard for data encryption. You should opt for a manager that uses end-to-end encryption that also protects data in transit.  

Additional security features are worth a second look. For example, password managers which also support multi-factor authentication (such as mobile device 2FA) add additional layers of security which further help protect you or your organization.  

While a hack or data leak is unlikely to affect a password management vendor directly, you may want some extra peace of mind toward the possibility. Password managers that use a zero-knowledge storage approach ensure that a password manager cannot access your stored credentials. In other words, even the provider of the password manager cannot access your secure storage vault, so a compromise from their end wouldn’t expose your credentials. 

Tools are even better when they have multiple uses. The best password managers can also store things like notes, bank account numbers, and manually-entered credentials in the secure vault. Some will even allow you to store files of any extension, much like OneDrive or Dropbox. 

This is an added measure of protection for valuable information should your device be stolen or lost.  

Some feel that putting things in the cloud immediately puts their security at risk. While this might have been more of a truism in the early days of the cloud, modern infrastructure and encryption has virtually eliminated the need for worry. 

Still, the idea of storing your passwords on your device might seem safer. There are drawbacks to this approach that shouldn’t be ignored. Primarily, if you lose the device where the passwords are stored, you lose all your passwords as well — and because the manager isn’t synced to the cloud, those passwords can’t be recovered. 

And let’s not forget point 4: easy synching. On-device vaults can’t offer the convenience and seamless use of cloud-based password managers.  

Password managers ask you to set a Master Password as the primary key to your encrypted vault. This is the one password you actually do need to remember, because it gives you access to all of the credentials stored in the manager. And because it is essentially the key to all of your accounts, you should not use a weak password, reuse a password, or write it down.  

Of course, there is the chance that you could forget it. This likely means losing access to all of your accounts until you manually perform a password reset with each — not fun. Thankfully, the top password management tools have recovery options to help with this. 

Different password managers approach password and account recovery differently. As long as they offer a secure means to recover your Master Password, you’re all set. Familiarize yourself with the means of recovering a lost password before choosing your password manager.  

Older password tools required users to copy and paste stored passwords into their login fields. Modern password autofill features eliminate all of that unnecessary work. Most password managers will also allow you to save the username and password of a newly-created account as soon as they’re accepted, much like the “saved form fields” function on many web browsers, albeit more secure.  

The ability to share credentials stored in your secure vault can be a useful feature in some circumstances, but isn’t always needed. The nature of passwords is that they shouldn’t normally be shared, but some accounts are shared among family members and thus more than one person needs access.  

You may want the ability to export your vault data to keep a local backup or switch to another tool. While this isn’t a high-priority feature, it is one that can come in handy in the future.  

What’s the Best Password Manager for Your MSP and Your Clients? 

Password managers are simply a must-have tool in 2022 and beyond — but which is right for your particular use case? 

Every MSP is different, so it’s great that you have a variety of password managers to choose from. That said, the above ten features are important to consider when making your decision. The most important factor is security, but you don’t need to sacrifice protection for convenience and ease-of-use; the best password management tools will give you and your clients both.