Your Next Password Manager is… a Browser?

Jason Trunk

The next evolution in password security is a new breed of browser with all the security features, visibility, and policy controls the enterprise needs, built-in — including sophisticated password management.

Your Next Password Manager is… a Browser?

The need for robust password management in business environments has never been higher. 

For one, despite our best efforts to ramp up cybersecurity education, most employees still don’t practice good password hygiene. At the same time, bad actors are using increasingly sophisticated methods — phishing powered by AI, for one — to breach enterprise accounts. 

Against this backdrop, single sign-on (SSO) and password managers like 1Password, LastPass, Dashlane, and Keeper have grown in popularity. 

SSO is essential, but there are gaps

Now a mature technology, single sign-on is an essential first step for improving security. Whether with a saved password or a biometric, SSO gets users into many applications securely, with a single click.

However, SSO rarely covers 100% of the applications in the enterprise environment. Some apps are simply too old to link up to SSO, or they're managed by a third-party supplier or website external to the business. (Take airline employees for example, who, in order to access the manuals needed to operate and repair their planes, have to log into apps managed by airplane manufacturers.)

All these non-SSO apps? They need to be managed by the employee themselves, with their own user IDs and passwords. 

Password managers fill the gaps, but they still fall short

The natural evolution to solving conventional password security issues not covered by SSO is the password manager. When implemented correctly, a password manager offers the convenience of SSO by automatically retrieving the password for each login. 

However, there are limitations to traditional password manager solutions, not to mention potential security vulnerabilities. Password managers that offer cloud syncing add third-party security risk — and there have been no shortage of headlines around this manner of data breach. 

Another shortcoming relates to the use of consumer browsers with password manager extensions. Imagine a scenario where the password manager pulls a password from the vault and auto-fills it into the website — as it’s meant to do. However, the browser then turns around and asks, “Do you want to save that password in the browser?” If the user clicks “yes,” now that password is exposed in the browser’s (far less secure) password store. 

That scenario grows far worse when using a consumer browser with personal profile syncing. Any password saved is now available across all of their devices — including those outside of enterprise visibility.

Even if you deploy a password manager that offers world-class security, it can still run on insecure browsers and not-up-to-date operating systems, each of which can be breached putting sensitive data at stake.

The password manager “bake-off:” a competition with no winners

While they have their drawbacks, password managers are a modern cybersecurity necessity. But evaluating traditional password management solutions against each other can become a serious pain.

Case in point: a CIO recently reported to me that he and his team had just spent nine months in a “password manager bake-off.”

Why? Because password managers have become ubiquitous. Each of them have virtually identical features, benefits, and weaknesses. There is no standout winner. And, as a result, IT teams waste precious time hemming and hawing over how to choose between largely interchangeable solutions. 

But here’s the good news: CIOs no longer need to choose a password manager. The next evolution in password security isn’t a stand-alone password manager. It’s the enterprise browser: a browser with all the security features, deep visibility, and hyper-granular policy controls the enterprise needs, built-in — including sophisticated, enterprise-grade password management.

The enterprise browser: work’s natural next step

Here is how the enterprise browser tackles all the challenges password managers do, and much, much more: 

  • Policy-driven password management; keep things secure with precision.
  • Password generation based on your company’s policies.
  • Secure storage and handling of all passwords, based on individual security requirements of what accounts and apps those passwords are associated with. 
  • Real-time device posture assessment and response. Can detect a change in device posture in real time, right in the middle of a session. That’s something extensions just can’t do.
  • No need to perform additional SSO, SCIM, or SIEM integrations because it’s simply a module built into the enterprise browser.
  • Not bound to the UX and technical limitations of traditional extensions. This opens many doors in the way of both security and user experience.
  • Protection against various cyber threats, such as man-in-the-middle and phishing attacks, through the secure-by-design browsing environment.
  • Chromium-based browser offers a seamless, secure, and user-friendly experience.
  • Zero knowledge architecture means only the user and their organization can access passwords stored in their vault. 

We’re no longer having a conversation about features; the enterprise browser delivers password management in an entirely new, built-in way.

No more “password manager bake-offs.” The enterprise browser is the clear choice.

If you’re in the middle of evaluating enterprise password managers, it’s time to throw out your spreadsheets and your pro/con lists. 

The enterprise browser doesn’t just do everything password managers can do; it also packages these capabilities in an entirely new way — one that is seamless and error-proof to the user, and configured for the enterprise. It vastly simplifies enterprise-wide adoption of password best practices while creating new protections around their use within corporate applications. And it eliminates password abuse, helps ensure organizational custody of corporate passwords, and embraces passwordless user authentication flows.

Even more importantly, it creates a tightly controlled, full-visibility, zero-trust environment that goes far beyond password management — achieving true security, without the cost and burden of bolt-on solutions. 

In short, the enterprise browser is easy for users, and secure for enterprises.

Now, that’s a clear winner.

See how Island’s Enterprise Browser solves the password management problem in a way nothing else can.

Download our Guide to Thwarting Password Attacks

Jason Trunk

Jason Trunk serves as Enterprise Architect at Island with over 20 years of experience with emerging technologies including server side code optimization, network decryption, and front-end browser performance. Before Island, Jason served as field CTO for AppDynamics (now Cisco), executive director at JPMorgan Chase, vice president at BigPanda, and other technical leadership roles at Mercury Interactive, Quest Software, and CA Technologies.

You might also like