The contenders:
- Bitwarden
- Keeper security
- 1Password
References:
Website.
Pcmag review.
BitWarden
Website: https://bitwarden.com/
Price: $3 per user/month
Compatibility: Windows, Mac, Linux, android, iOS
Browser extension: Yes
Password Sharing: Yes
Open-Source: Yes
Import Passwords: Yes
Encryption: end-to-end AES-256 bit encryption, salted hashing, and PBKDF2 SHA-256.
Features:
- Built-in File Storage
- Manage Users in groups
- Custom Password Requirements
- APIs to integrate into organization tools and systems
- Multi-Factor login
- Access Control policies
- Password Auditing
- Event Logs
- On-premises Hosting
- Has had formal independent security+cryptographical analysis completed AND publicly released the full unredacted technical report which includes all remediative measures that were implemented https://bitwarden.com/blog/post/third-party-security-audit/
- Has HackerOne program https://hackerone.com/bitwarden/
- GSuite Sync
- Enterprise policy functionality
- Vault health reports
Personal Notes From Using.
I have been using Bitwarden for a while now for all of my personal accounts. I Have used this for a while, and my main reason I enjoy it so much is how simple it is. It isn’t feature-packed but it is nice and simple to use with the browser extension. A lot of the analytical tools they provide are locked to a premium membership, which is provided on an enterprise plan. It also has a few options for 2FA my personal favorite being the Yubico.
Images
I have attached some images from my account to show some of the features.
Here we can see how your vault is structured, which as we can see is simple and does the job.
Here we can see the password generator alongside some auditing tools and importing from other password managers.
Just to show all the different two-step login methods, as well as what’s on the settings page.
Keeper Security
Website: https://www.keepersecurity.com/
Price: $3.75 per user/month ($45 per user billed annually)
Compatibility: Windows, Mac, Linux
Browser extension: Yes
Password Sharing: Yes
Open-Source: No (even though it is not open-sourced, they do have a public bug bounty.)
Import Passwords: Yes
Encryption: User data is encrypted and decrypted at the device level, not on servers or the cloud. 256-bit AES encryption, PBKDF2 key strengthening.
Features:
- Encrypted Vault for every user
- Folders & Subfolders
- Shared Team Folders
- Access from unlimited devices
- Policy Engine and enforcements
- Security Audit
- Activity Reporting
- Team Management
- Basic Two-Factor Authentication (SMS, TOTP, smartwatch and FIDO U2F)
- Keeper Chat (Similar to Wire, without calls)
- Training and support.
- Organization-wide security audit
- Dark Web monitoring
- Self Destruct mode
- Live Sync.
Personal Notes From Using.
I want to start by saying that I found them to be very professional. Within the first 2 hours of sending in a demo request, I was contacted via cellphone and immediately scheduled a meeting. Our meeting was very nice and went over all the features Keeper offered. I think one of the most unique features about keeper is the admin ability to disable any account and transfer their logins.I find the application very simple but yet has depth for customizing security just how you need it.
Images
I have attached some images from our meeting to show some of the features.
Here you are able to authenticate to LastPass through Keeper in order to import all of your items for a seamless transition.
These two images show us just how much the admin is able to enforce password limits, as well as how random passwords should be generated.
Here we can see that we are able to lock a user from logging into the account and we can transfer all of his stored items to another account.
This is what the auditing looks like, which gives an overview of everyone’s password strength without showing their password, so you can keep people up to date by adding an alert to this, which can be sent via email, or text.
1Password
Website: https://1password.com/
Price: Custom Quote for Enterprise. (other plans range from $3 – $8)
Compatibility: Windows, Mac, Linux
Browser extension: Yes
Password Sharing: Yes, limited to family plans and enterprise.
Open-Source: No
Import Passwords: Limited import options
Encryption: End-to-end encryption, 256-bit AES encryption, PBKDF2 key strengthening.
Features:
- Apps for Mac, iOS, Windows, Android, Linux, and Chrome OS
- Unlimited shared vaults and item storage
- Admin controls to view and manage permissions
- Two-factor authentication for an extra layer of protection
- Duo integration for business-wide multi-factor authentication
- VIP Support
- 5 GB document storage per person
- 20 guest accounts for limited sharing
- Custom security controls with Advanced Protection
- Fine-grained access control for each vault
- Free family accounts for all team members
$60 value per person
- Activity Log for tracking changes to vaults and items
- Custom roles to design and delegate responsibility
- Usage reports for creating an audit trail
- Custom groups to organize teams
- Provisioning with Active Directory, Okta, and OneLogin
Personal Notes From Using.
I found the initial setup very easy and straightforward. I think as far as navigation UI is concerned it is pretty basic and does the job. I think one of the best things about this is the Travel mode, so you can remove all vaults from devices temporarily. Using a QR code allows you to easily login without having to type in a master password. Another unique feature is it comes with a pdf in case you forget how to log in. As far as Enterprise features, speaking with a sales representative via email this is what I was able to find out.
- Thank you for sending along that additional information regarding what you’re looking for. In regards to the features, you’re looking for, in regards to being able to set password policies, at this time we do not have policies that you can set for individual passwords.
- What we do have though is our Watchtower feature which allows you to see if any passwords that are being stored in the shared vaults of your 1Password account are considered weak, or any duplicates, etc – https://support.1password.com/watchtower/
- Also, we do have the Master Password policy which is so that you can enforce each of your users to have a strong Master Password when you invite them to the 1Password account – https://support.1password.com/master-password-policy/ – we also, have a lot of other great security-related features in our 1Password Advanced Protection features that you get with 1Password Business – https://support.1password.com/explore/advanced-protection/
- In regards to reporting functionality we do offer different reports that you can run within your 1Password Business account – https://support.1password.com/reports/ – as well as the 1Password Activity Log, which can serve as an audit log type report – https://support.1password.com/activity-log/
Images
Just to show the basic vault and what the main page looks like.
Here we can see the settings page, as well as see the emergency kit button which is one of its unique features.
This is the auditing tool that they use as well, I didn’t save any passwords, but we can see the UI is very simplified.
Personal Conclusion
As I have personal experience with Bitwarden I would honestly say that the simplicity of it is very good, but it is lackluster in features, which makes it hard to contend on an enterprise level. 1Password I found to be a pretty decent option mostly because of all the features, as well as it’s simplicity. One thing I really like is the benefits it provides the team members with family accounts as well but it is designed more from that family perspective which may not be a good thing. Keeper I honestly feel is the best option for an enterprise because of how much the admin is able to do. Being able to do an entire audit on your team so you can see if someone has a weak or leaked password can be a very great way to keep your team’s passwords secure. It also provides the members of the team with a personal account so they can prevent using 2 password managers, for personal and business. In my opinion, the best bang for the buck option is Keeper Security because of just how good the administration features are.