We’ve reached a point where password managers should no longer be considered optional. We need password managers to keep us from using lazy, weak passwords, and we need them for storing those secrets in a protected vault.
SEE: Mobile device security policy (TechRepublic Premium)
To that end, there are plenty of password managers to choose from, each of which will serve you better than trying to memorize every password or writing them down on a piece of paper. If you need a password manager that can be shared between teams, your options are a bit more limited. Fortunately, my shortlist of password managers are great for teams.
|Multiple account support||Yes||Yes||Yes||No||Yes|
|Random password generator||Yes||Yes||Yes||Yes||Yes|
|Random username generator||Yes||No||Yes||No||No|
|Password sharing||Yes||Yes with Pro||Yes||Yes||Yes|
|Role-based access||Yes||Yes with add-on||Yes||Yes||Yes|
|Web browser plugin||Yes||Yes||Yes||Yes||Yes|
Bitwarden is one of my favorite password managers, and not just because it installs natively on Linux. With this open-source take on the password manager, you get all the bells and whistles to which you’re accustomed. This includes a random password generator, cloud sync, favorites, categories, custom fields, folders, multiple account support, password send, and import and export.
With Bitwarden, all of your data is encrypted and/or hashed on your local device. This means no one can see, read or reverse engineer your data. On top of that, Bitwarden servers only store encrypted and hashed data.
Bitwarden comes with a number of very important features for teams and individuals, including the following:
- 2FA and MFA logins
- Multi-device usage
- Web browser extensions
- Mobile app
- Random password and username generator
- Security audits
- Logins, credit cards and secure notes vault entry types
- Master password reprompt for extra security
- Bitwarden Send to send either files or texts securely
- Import and export
Bitwarden’s Collections feature is a standout. Collections makes it possible to share only specific passwords with certain teams, which means you don’t have to worry about every team member seeing all of your passwords.
Instead, you create a Collection of passwords and then share it with a team. You can create multiple Collections and share each one with a different team.
Combine the Collections feature with a best-in-class interface that is user-friendly enough for anyone to use, and you have a great password manager ready for your teams.
Bitwarden: Best for teams sharing multiple vaults
Thanks to the Organizations feature, Bitwarden is best for organizations that need to be able to share multiple vaults with different teams and need a high level of flexibility. Organizations make it possible for users to share isolated vaults that have no access to personal vaults so companies can create multiple vaults to serve different purposes.
Bitwarden has two plans: Business ($3/user/month for teams or $5/user/month for enterprise organizations) and Personal (Free and $10/year/user for individuals, or Free and $3.33/user/month for families).
KeePass might be purpose-built for individuals, but it offers a file-locking feature that makes it more than possible to use this tool for teams.
Essentially, you store the vault on a network share, and when the vault is unlocked and someone else attempts to open the same vault, the second user will be prompted to either open the vault in read-only mode or open it in normal mode, thereby stealing the lock from the first user.
This makes it possible to use KeePass for teams and not worry that someone will overwrite another team member’s work as they are making changes to an entry.
In addition, KeePass includes the features we’ve all grown accustomed to in a password manager, such as support for all types of logins, master password protection, AES and Twofish algorithms, random password generator, portable version, import and export, and a search tool.
KeePass supports the Advanced Encryption Standard as well as the Twofish algorithm for the encryption of the entire database. The password manager is protected against dictionary and guessing attacks by transforming the master password key hash using a key derivative function. Passwords are also encrypted while KeePass is running, which means even when KeePass dumps the process to disk, the passwords aren’t revealed.
- Multiple user keys
- Portable with no installation required
- Import and export
- Database Transfer
- Password Groups
- Time Fields
- Secure Clipboard Handling
- Search and Sort
- Multi-Language Support
- Random Password Generator
- Plugins add extra features
- Auto-fill web forms
KeePass is free to use and can be installed on Android, iOS, Linux, macOS and Windows.
KeePass: Best for users okay with using the plugin architecture
KeePass is best used by individuals and small companies that don’t mind working with the plugin architecture to add the necessary features they need to enjoy the full functionality found in other password managers. Because of this, KeePass does have a steeper learning curve.
1Password is built for teams and individuals. With private and shared vaults, 1Password makes it possible to use a single tool for the entries you need to keep private and those you want to share with a team.
This password manager is powered by DuckDuckGo’s Smarter Encryption, which ensures traffic in and out of the service is protected.
1Password contains all the standard features you need, such as a random password generator, favorites, categories, tags, custom fields, secure notes, identities, modification dates, import and export, mobile and desktop apps, password strength monitor and more. All of these features are in the Private and Shared vaults. A shared vault is one that is accessible by your entire team.
1Password also includes a unique feature called Watchtower that keeps track of breach reports and monitors reused and weak passwords, unsecure websites, two-factor authentication and expiring passwords. The Watchtower feature is a great addition for enterprise use cases, as well as business and personal use.
- Multi-account management
- Web browser extensions
- Automatic data recovery
- SSH Key item templates
- Biometric CLI unlock
- Third-party integrations
- Crypto wallet items
- FIle attachments
- Keyboard shortcuts
- Smart suggestions
- Watchtower Dashboard for alerts and password monitoring
- Travel Mode hides all vault entries minus those you marked as Safe For Travel.
- Password strength monitoring
1Password starts at $19.95 for a team starter pack for up to 10 users.
1Password: Best for remote workers traveling
1Password is best used for any individual or company that requires the ability to secure specific items when traveling abroad, so sensitive information is available when out of the country.
Hypervault was built specifically for businesses and teams. This password manager allows you to create workspaces, folders and entries of all kinds that can be shared with individuals and teams.
One of the best features about Hypervault is that it is very IT-centric. In addition to storing the usual information, you can also store information such as ports, servers, IP addresses, licensing information, type, model, serial number, date of reception, OS, MAC address and notes. This makes Hypervault a great option for IT and development teams.
Hypervault includes more than 50 password templates for logins, databases, API keys, devices, FTP, email, software licenses, computer accounts and networks. You can also create private vaults to which your teams will not have access, and its very user-friendly web-based interface makes it easy to get up to speed with Hypervault.
Hypervault features zero knowledge architecture that is housed in European data centers. The company does frequent penetration testing to ensure the security of its systems as well as XSS, CSRF, throttling and tracking tests. All data is fully encrypted in transit, so bad actors would have considerable trouble viewing any transmitted information.
- Password reset
- Random and strong password generator
- Secure password sharing
- Multifactor authentication
- Easy backup/restore
- Password encryption
- Saved credit cards
- Website password management
- Workspaces and folders
- Standard data templates for passwords, documents, email settings and more
- Team management
Hypervault costs approximately $6.50/month/user for up to five users, $4.30/month/user for six to 50 users, or $4.13/month/user for over 50 users.
Hypervault: Best for teams creating custom templates for vault entries
Hypervault is best for teams that need to be able to create custom templates for vault entries, need to be able to store documents and other types of vault entries, and trust that their data is safe on device and in transit.
Passbolt is an open-source, web-based password manager that can be either deployed on-premises or as a hosted service via Passbolt. It works with a web browser extension to interface with the server.
Passbolt works a bit differently than your usual password manager. With this platform, you visit a website and then click the Passbolt icon in your web browser toolbar. You will be prompted to create the entry (although much of it will be auto-filled for you) and then you save it to your Passbolt vault. Once the password is saved, you can log into your vault and share the entry with teams, or you can simply work from within the web-based interface and manage your entire vault of passwords.
The Passbolt interface allows you to easily create a team (aka group) and then add users to that team. Before a user can be added to a team, they must first activate their accounts, which is done via email. Passbolt can be installed on various third-party cloud hosting providers, such as Kamatera and DigitalOcean, via their marketplaces.
One of the best things about Passbolt is the ability to host it on your own servers, which means your data isn’t shared by any third-party.
- Self-hosting option
- User and group management
- Granular password sharing
- Import and export
- Browser extensions and command line option
- Open API
- Private and shared folders
- Tag management
- LDAP provisioning
- Activity log
If you install Passbolt on your own services, you can use it for free. For the hosted option, it’s $32/month for 10 users, or you can opt to go a highly custom route — if you do, you must contact the company for more information.
Passbolt: Best for users self-hosting their password manager
Passbolt is best used by companies and individuals looking to self-host their own password manager from either a data center or a cloud-hosted platform.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays