Authentication Glossary

Password Managers for Enterprises - Centralized Credentials Management

Enterprise password managers centrally manage login credentials: encrypted (AES-256), with approval workflows, audit logs, Active Directory integration, and SCIM provisioning. Key products: 1Password Business, Bitwarden for Teams, Keeper Enterprise, Dashlane Business, Delinea Secret Server (also for admins/PAM). Benefits: no more Post-it notes with passwords, strong, unique passwords for every site, secure team sharing without sharing passwords via email.

Password managers are one of the most cost-effective and powerful security tools—yet they are often overlooked. 81% of all data breaches involve stolen or weak passwords (Verizon DBIR 2024).

Why Password Managers Are a Must in the Workplace

A Typical Company Without a Password Manager

  • Employees: "Password123!" for all systems (reuse!)
  • Shared accounts: everyone knows the CRM password (who changed it?)
  • Post-it notes with passwords on the monitor (visitors can see everything)
  • Offboarding: was the password changed after the employee left?
  • Passwords sent via email/Slack: unencrypted!

A hacker’s delight:

  • Credential stuffing: one database leak → all accounts affected
  • Breached Password Check: “Summer2024!” is in millions of leaks!

With a password manager

  • Every website: unique 20-character password (auto-generated)
  • Team sharing: encrypted, with audit log
  • Offboarding: one click → all shared passwords revoked
  • MFA integration: TOTP codes also in the manager

Enterprise password managers compared

1Password Business

  • Very popular, native apps for all platforms
  • Travel Mode: Hide sensitive vaults when crossing borders
  • Secrets Automation: Securely manage API keys in CI/CD
  • SIEM integration: Audit log export
  • Price: ~$7–8/user/month
  • SSO: SAML 2.0 (Okta, Azure AD, etc.)

Bitwarden (Open Source!)

  • Open Source: Auditable code (very important!)
  • Self-hosting possible: Bitwarden Server on your own server
  • Most affordable option: Teams starting at $3/user/month
  • Enterprise: SCIM, SSO, policies
  • For: GDPR-sensitive, tech companies

# Self-Hosted Bitwarden (Docker):
curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh
chmod 700 bitwarden.sh
./bitwarden.sh install
./bitwarden.sh start

Keeper Enterprise

  • Very strong in the enterprise segment
  • KeeperPAM: Password manager + PAM combined
  • Compliance reports: SOX, HIPAA, ISO 27001
  • Zero-knowledge encryption
  • Price: ~$5/user/month + enterprise add-ons

Dashlane Business

  • Focus on usability (high adoption rate)
  • Dark web monitoring: Are team emails found in leaks?
  • Phishing protection in the browser
  • SSO and SCIM

Suitability by Company Size

Size                       Recommendation
SMB (< 100 users)          Bitwarden Teams or 1Password Teams
Mid-sized (100–1,000)      1Password Business or Keeper Enterprise
Enterprise (1,000+)        Keeper Enterprise or CyberArk (PAM!)
GDPR-sensitive/KRITIS      Self-hosted Bitwarden or Keeper

Implementation and Policies

Phase 1: Tool Selection and Setup

  • SSO integration (Azure AD / Okta / Google)
  • SCIM provisioning: automatic account creation/deactivation
  • Plan vault structure: teams/folder hierarchy

Example Vault Structure

  • Engineering
    • Dev credentials
    • Cloud accounts (AWS, Azure)
    • CI/CD secrets
  • Marketing
    • Social Media
    • Analytics Tools
  • Finance
    • Banking (Finance team only!)
    • ERP Access
  • IT Administration
    • Network Devices
    • Server Credentials
    • Domain Admin (PAM integration!)
  • Shared Services
    • Shared Services (all)

Enforce Password Policy in Manager

  • Minimum length: 16 characters for new passwords
  • Complexity: alphanumeric + special characters
  • Expiration: 90 days (for critical accounts)
  • Reuse: last 10 passwords blocked
  • MFA: Required for access to Manager itself!

Offboarding Automation

  • SCIM deprovisioning: account deactivated in the IdP = vault access removed automatically
  • Shared Credentials: Manager logs which ones the user knew
  • Password rotation policy: Change all shared passwords after offboarding!

Audit Features

  • Which user accessed which password and when?
  • Weak Password Reports: Which passwords are too weak?
  • Reused Passwords: Identical passwords across different entries
  • Breach Reports: Were team emails found in data breaches?
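The audit, policy and offboarding checks described above, as an added example (not code from the original page or from any of the products named): it runs a weak-password and reused-password report against a constructed vault export, answers "who accessed which entry and when" from constructed audit-log lines, and derives the rotation list for a departing user. The field layout of the export and the log lines is an assumption.

```javascript
// Constructed sample data: a vault export and audit-log lines in a
// "key=value" layout assumed for this example.
const vaultItems = [
  { id: "crm",  name: "CRM admin",   folder: "Shared",      password: "Summer2024!" },
  { id: "aws",  name: "AWS root",    folder: "Engineering", password: "k3N$9vQ!zT7#mW2pLx4R" },
  { id: "erp",  name: "ERP",         folder: "Finance",     password: "Summer2024!" },
  { id: "wifi", name: "Guest Wi-Fi", folder: "Shared",      password: "Password123!" },
];
const auditLog = [
  "2024-05-02T08:14:03Z user=alice action=view item=crm",
  "2024-05-02T09:30:11Z user=bob action=view item=aws",
  "2024-05-03T10:02:45Z user=alice action=copy item=erp",
  "2024-05-03T11:11:09Z user=carol action=view item=crm",
  "2024-05-04T16:40:00Z user=alice action=view item=crm",
];

// Parse one audit line into { ts, user, action, item }.
function parseAuditLine(line) {
  const [ts, ...pairs] = line.split(" ");
  return Object.fromEntries([["ts", ts], ...pairs.map((p) => p.split("="))]);
}

// "Which user accessed which password and when?" -> per-user access history.
function accessReport(lines) {
  const byUser = {};
  for (const e of lines.map(parseAuditLine)) {
    (byUser[e.user] || (byUser[e.user] = [])).push({ ts: e.ts, item: e.item, action: e.action });
  }
  return byUser;
}

// Weak-password report against the policy above: at least 16 characters,
// with letters, digits and special characters all present.
function weakPasswords(items, minLen = 16) {
  const ok = (p) => p.length >= minLen && /[A-Za-z]/.test(p) && /\d/.test(p) && /[^A-Za-z0-9]/.test(p);
  return items.filter((i) => !ok(i.password)).map((i) => i.id);
}

// Reused-password report: identical secrets across different entries.
function reusedPasswords(items) {
  const groups = {};
  for (const i of items) (groups[i.password] || (groups[i.password] = [])).push(i.id);
  return Object.values(groups).filter((g) => g.length > 1);
}

// Offboarding: every entry the departing user ever viewed or copied must be
// rotated, because revoking vault access cannot take knowledge back.
function rotationList(lines, user) {
  const seen = new Set(lines.map(parseAuditLine).filter((e) => e.user === user).map((e) => e.item));
  return [...seen].sort();
}
```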

Password Manager Security

Zero-Knowledge Architecture

  • All data: AES-256 encrypted before upload
  • Key material: only on the client (never on the server!)
  • Even a compromised server = no readable passwords
  • Provider cannot decrypt its own data

Master Password Security

  • The master password is the only key
  • Lost: data often irretrievable
  • Recommendation: Diceware passphrase (4–5 random words)
  • Example: "Tower-Crocodile-Page-Tree-Radio" = very strong + memorable

MFA Protection for the Manager:

  • Master password + TOTP + device trust
  • Backup codes: stored offline!

What to do if a device is compromised?

  • Temporary session key → after reboot: log in again
  • Biometric unlock: quick access without the master password
  • Remote session termination: end all sessions centrally

Known Incidents

LastPass 2022:

  • Attacker stole encrypted vault data
  • Zero-knowledge maintained: Passwords NOT directly readable
  • BUT: Metadata (URLs, usernames) unencrypted!
  • Lesson learned: metadata should also be encrypted
  • LastPass lost massive market share → Bitwarden/1Password benefited

1Password: no known breaches to date

Bitwarden: 2018 + 2020 audits: no critical vulnerabilities found