Recent data breaches have taught us something very important — online users are spectacularly bad at choosing their strong passwords.
Today majority of online users are vulnerable to cyber attacks, not because they are not using any best antivirus or other security measures, but because they are using weak passwords that are easy to remember and reuse same passwords on multiple accounts and reusable passwords to secure their online accounts.
Ideally, your password should be at least 16 characters long and should contain a combination of digits, symbols, uppercase letters and lowercase letters.
Most of us know about this good password practice, but we just ignore it because it is really painful for us to memorize complex password strings for different accounts.
Here comes the need of a Password Manager OR Password Management Software.
Password Manager can significantly reduce your password memorizing problem, along with the cure for your bad habit of setting weak passwords and reusing the same password everywhere.
Typically, Password Manager generates long, complex, and – most importantly – unique passwords for you, and then stores them in an encrypted form on either your computer or a remote service.
All you need to do is remember one master password to open your password manager or the secure vault and access all your stored passwords.
Since there's a growing market for password managers for PCs and phones, it becomes quite difficult for users to choose a good password manager that suits their requirements.
While information security is a concern for everyone, it is even more important for businesses who store a lot of private information, such as employee data, financial records, and business transactions on their servers, to use a good password management solution.
I have been reviewing some security products from Zoho Corp. and got a chance to review Zoho Vault Password Manager, which I found to be a great password management solution not just for individuals but enterprises as well.
Zoho Vault is an online password management software that has been designed keeping in mind the requirements of individuals as well as businesses of all sizes and types.
Zoho Vault establishes a central repository that provides unmatched security and complete data privacy for individuals and companies to securely store, manage and safely share their sensitive data and access them from anywhere.
So whether you are an Enterprise, Online Marketing Firm, Web Professional, IT Head or just a layman individual, Zoho Vault comes in handy if you are struggling with shared passwords.
Since the type of information varies from businesses to businesses, the software lets an organization add custom entry fields to its secrets to help it save additional information, including Bank account details, Health Care, and Windows login.
Installation and operation are quick, which require users to just signup and get started within a few minutes.
Unlike traditional password managers, Zoho Vault offers a full set of password management features that I have discussed below in detail.
Secure and Encrypted Vault
Zoho Vault makes sure to provide the high level of security and protects all your passwords and sensitive data by encrypting it with the strongest known encryption standard 256-bit AES.
The 'Passphrase,' or Master Password that you enter to access your Zoho Vault is used as the encryption key to encrypt and decrypt the data at your browser.
What makes Zoho Vault stand out of the line? The software encrypts your secret data at the browser itself, stores only encrypted data on its server, and does not store your encryption key.
Since this key is not stored anywhere in Zoho Vault and not known to anyone including the team at Zoho, nobody except you can access your data, which provides you complete information security and privacy.
So, if in case you forget this key, you or your organization will not be able to recover the stored data anyhow.
Zoho Vault also features offline access: What makes Zoho Vault different from other password managers is its Vault you connect through the Internet.
Zoho Vault also features offline access, allowing you to access your passwords via a downloaded encrypted HTML file locally. All your secrets are just as secure offline as they are online.
Although the tool is really meant to be used online, you will not feel helpless in environments without internet connectivity.
For increased security, Zoho also offers two-factor authentication, which means that nobody else can log into your password vault even if someone succeeded in stealing your master password.
For your ease, the tool offers a variety of two-factor authentication options: mobile-based 2FA and via Google Authenticator.
With this feature turned on by admin, each user must enter a phone number at the next login to the vault and choose to receive authentication code via SMS/phone call, or Google Authenticator. Thereafter, login will require both Master Password and one-time verification code.
Mobile-based two-factor authentication can be trouble if you have got no signal, no battery, or a missing phone. In that case, Zoho creates a handful of backup codes (one-use codes) for login, which let you bypass smartphone-based 2FA in an emergency.
This level of security is good enough for most users as well as companies. Since administrators have control over users in Zoho Vault; they can control whether or not every employee uses 2FA.
The two-factor authentication option is also available for the free version of the tool.
Secure sharing of the password is an important aspect of every organization as failing to manage shared passwords adequately can expose any organization to serious threats, particularly in the case of a disgruntled employee.
Zoho Vault solves this issue by allowing administrators to securely share passwords and other secrets among trusted members of their organization, and assign different access privileges to different users.
The information sharing process in the Vault has been designed to follow the highest levels of information security and privacy standards.
Vault allows administrators to share credentials with members within the organization without actually revealing the credentials in plaintext, monitor password usage and access among the organization, and quickly revoke access from any user in real time just by a single click.
Administrators can create multiple vaults, known as Chambers, and just give team members access to certain vaults and quickly add users to access those vaults.
Administrators can enforce and modify restrictions, like I said above, whether or not each user uses two-factor authentication (2FA) for access to their vaults.
Moreover, even if any member leaves your organization, you can transfer the secrets that member owns in Vault to an administrator.
These features make Zoho Vault one of the best solutions we have seen for corporates.
We have always advised users to create long, complex and different passwords for their various online accounts. So, if one site is breached, your other accounts on other sites are secure enough from being hacked.
Zoho Vault lets you use the password generator to ensure all your passwords are strong.
Just clicking on a key icon next to the password field in the editor will immediately replace your password with a new, random password which matches the selected password policy.
Zoho also allows an organization's administrator to set up their own password policies in order to ensure that the passwords generated by their users are as secure as possible.
By default, Zoho offers a predefined Strong policy for organizations, which requires their member passwords to be between 8 and 14 characters in length, including uppercase, lowercase, numeric and special characters.
Besides this, admins can set expiry dates for its members’ passwords and alert them to change their passwords upon expiry.
Hence, administrators can define a super-strong password policy for their organization to ensure every member has a strong 16-character alphanumeric password with uppercase, lowercase and special letters that need to be changed every month.
Along with accessing Vault from any browser, any platform on your desktop, individuals, and administrators can download Zoho Vault mobile apps for iOS or Android that also offers Fingerprint authentication, and use them to sync their passwords and other secret data.
Users should install the Zoho Vault extension in their Chrome, Firefox, and Safari browsers, which will work under Windows, Mac OS X, and Linux systems.
So, one would never be required to type or copy-and-paste passwords to log into any websites or applications. One can simply launch direct connections to all of their websites and applications from the Zoho Vault interface, without even viewing the password.
Whenever you open a website say Twitter for example, where you have already saved your username and password, Zoho Vault will automatically enter your credentials for you.
But if you have no browser extension or login button installed, you will have to enter your credentials by copying and pasting.
Unlike other password management solutions, Zoho goes a step further in adding additional security mechanisms for corporates.
Admins can enable live notifications so that they can accurately track how and when changes to the vault are made, and how passwords or secrets are used. Zoho also keeps a tamper-proof audit trail for a record of changes over time.
Zoho Vault provides an easy-to-use tree-like structure (categories) for having all accounts organized, allowing its users to search and access their passwords and other secret records in a go.
Zoho offers to save your credentials as a "secret" whenever you log into any secure website using a supported browser and lets you enter tags for each secret or add them later in the editor.
This makes it easier for administrators who have a lot of sites to navigate easily through a lot of accounts and search through the data files to find the account, they are looking for and then auto-login to the site.
This is the most useful feature offered by Zoho. If you're migrating from or to a different password manager, you can import or export your existing passwords as needed.
However, the export process should be executed carefully as all of the exported data is in a plain text, i.e. Comma Separated Value (CSV) format.
Just to be on a safer side, admins are also advised to periodically backup their passwords for disaster recovery and emergency access.
Conclusion: I found Zoho Vault to be a good password manager for individuals who want a web-based solution as well as for businesses of all sizes. Most password managers I review are for personal use, while Vault is more geared towards corporate environments.
The service offers everything a company needs to centrally manage passwords for teams from protecting and sharing passwords between groups of employees to quickly remove access whenever necessary, which makes it one of the best solutions available for a corporate environment.
I recommend you to sign up and give Zoho Vault a try. You can take a 15-day Free trial of Vault's enterprise edition.
For individuals: The Personal Edition of Zoho Vault is free to individuals and supports one user.
The free edition gives users access to absolutely all of Zoho's features (from generating strong passwords to securely storing them) except for those involving multiple users.
You can store an unlimited number of passwords and notes for free and access them from your laptop, phone, or tablet. The free version also includes two-factor authentication, offline access and the ability to import and export your passwords.
Sharing and all other multiple user features require at least the Standard subscription to Zoho Vault, which costs just $1 per month.
For Corporates: The Standard subscription includes all free version features in addition to secure password sharing, centralized management, user provisioning, and management, ability to transfer ownership of passwords, data backup, alerts for password expiration, ability to restrict access based on IP address, and priority technical support.
The Professional edition of Zoho Vault costs $4 per user per month, which includes Standard features along with the ability to create and manage user groups, share entire chambers with user groups, and custom reports on user access.
The Enterprise edition is for large enterprises, which includes all Professional features along with integration with active directory, custom notification on password events and password access control.
Note: Zoho offers a 15-day free trial period of the Enterprise plan that can add up to five users. During that time, you'll have access to all features, so you do not have to jump for a subscription right away.