Are you still storing password in spreadsheets, or worse, Word documents? Spreadsheets and other text-based files can have serious security holes – not to mention problems with lost password files, and inability to restrict who can access which passwords. Password sharing in a large enterprise can be very challenging because of the many different types of systems and passwords involved!
ManageEngine’s PasswordManager Pro makes it easier for enterprises to store and share passwords among authorized users, with role-based access control, logging, and reporting. It even enables remote login to devices without sharing passwords at all!
There are some very good reasons to consider PasswordManager Pro like:
Installation is easy – it only takes a few minutes for the software to install its database and web-server. PasswordManager provides a helpful setup guide that pops up on first launch. One small complaint was that once I completed the first step, the setup guide stopped appearing. Good thing I had a screenshot to work from, because I couldn’t figure out how to get that screen to display again!
Open Secure RDP, SSH and Telnet Sessions Right from PasswordManager
One outstanding feature is the ability to open up remote sessions to devices from PasswordManager Pro. This is unlike most other tools, in that the session runs from the PasswordManager Pro server – not the workstation of the user/administrator. The PasswordManager Pro server connects a Telnet, RDP, or SSH session to the target devices, and then emulates that connection for the end user in a browser window.
This has obvious advantages, including the benefit of saving time that normally would be used to copy/paste passwords from the password document. It also increases accountability, since PasswordManager Pro tracks password access and usage.
One of the great things about this feature is that it enables administrators to have much more control over access. Rather than giving out individual passwords to users, an administrator can simply add the user to a group permitted to access a given device. Then, then user can use a single-click to access and auto-logon to the resource without ever having to know what the passwords really are.
The great part? If administrators move to new roles and no longer need access, simply remove them from the access group. Organizational change becomes much easier to manage!
On the downside, there is currently no way to have multiple SSH or Telnet sessions open from PasswordManager Pro. This could create challenges for network administrators who may frequently need multiple sessions open to several different devices. The good news: ManageEngine tells us this functionality is on the roadmap for a future version of the product.
Role Based Access and Password Management
PasswordManager Pro can share and manage passwords several ways.
By default, administrators own all passwords they create. No other users can access or view those passwords unless they are deliberately shared. Owners can decide what level of access to grant to another user. Access can be granted to view, modify, or manage resources, and can be given to either users, or groups of users.
Users can also be granted various roles permitting different levels of access to the system and passwords in the system – administrator, auditor, “super administrator,” user, etc.
Add in LDAP/Active Directory integration, and this creates a very flexible access management structure.
Did an administrator forget to share a password? Enable password “workflows” and users can request access to resources from admins – and it’s a great way to grant temporary access too!
Password Control and Audit
All password activities are logged – so you’ll know whether a password is added, viewed, or changed. There’s even an “auditor” role that can be assigned to users allowing them to access all audit logs.
Better Password Management and Automated Password Resets
Changing passwords regularly is an IT security must, but in practice it isn’t done as regularly as it should be.
PasswordManager can help with total password management. It doesn’t just store passwords, but can go out and change them on your resources whenever a password is updated. It supports changes on a wide range of systems – from Windows and Linux, to SQL, Oracle, and Cisco or HP network devices. In some cases this could require a remote agent to be installed.
The software also provides reports that help administrators understand how passwords are being used. Know instantly how many passwords have expired, which ones don’t meet password complexity policies, and which passwords are rarely used.
The system can send notifications on password expiry, or even automatically change passwords at pre-determined intervals.
And Many More Features…
A few of PasswordManager Pro’s other features stand out, adding to overall value of the software:
- PCI (Payment-Card Industry) compliance reporting
- APIs for programmatic application password access – no more encoding passwords into scripts or code! Passwords can be pulled dynamically from the database as needed – and always using the most current password.
This is a very impressive product! It meets a real need for better enterprise-scale password management. It also adds features that enhance reporting, auditing, PCI compliance, user management, and more. And, the ability to remotely connect to Telnet/SSH/RDP is very impressive.
Complaints with this product are few, but there are a couple of kinks to work out. Occasionally, the product can feel somewhat rigid. Example: When adding a user you must set a password, and pick a password policy. But the default password policies are overly complex – so for example, a “medium” complexity password must be between 6 to 8 characters.
It’s incredibly frustrating as a user to be forced to use a specific length of password – it’s pretty clear why minimum password lengths are required, but I’m not aware of too many security holes caused by using too long of a password. So, why not set a 6-character minimum and be done with it?
Password policies can be customized, so there is a workaround. But, it’s annoying, and an example of the sort of rigidity that you’ll run into throughout the product.
Pricing is based on a subscription model. It starts at $495 (USD) for the “Standard” version, for two administrators. The “Premium” edition starts at $1,195 (USD) for five administrators.
Standard features include things like:
- User and group management,
- Password sharing and policies,
- AD integration.
The Premium edition adds additional features like:
- Remote device password resets,
- Password workflows, and
- APIs for application-to-application password access.
Few other password manager suites allow such ease of password management, and centralized control over how passwords are used. Add the ability to change passwords on remote devices; and secure, browser-based Telnet/SSH/RDP connectivity and you’ve got a win!
PasswordManager Pro is available for a free 30-day trial download. Try it out, and you may never go back to spreadsheets.
Product: ManageEngine PasswordManager Pro ♦ Review Date: April 26, 2012
- Centralized, encrypted password vault.
- Audit password access.
- APIs for programmatic application password access – no more encoding passwords into scripts or code!
- Active Directory integration
- Somewhat rigid interface
- Can’t open multiple simultaneous SSH/Telnet/RDP sessions