Sponsored feature
Passwords are necessary for businesses, but look away for a minute and they quickly get out of control. If your users do things right and use a different password for each application, you’ll easily reach hundreds of them with just a few dozen people. It’s time to take control of them before they become toxic.
One of the first things on your list should be an enterprise password manager. Getting one is an important step towards reaching the kind of compliance requirements that regulators now demand. Only this week I read a Facebook post about a company with passwords stored in Excel. That just won’t cut it.
The first part of getting serious is accepting you can’t get by any longer with a group of “trusted” admins who can see and do anything they like. You need to segment your users to ensure they can only access the systems they should.
Enter Passwork
Passwork is a password manager that you can run on your own premises or in the cloud, designed with businesses in mind. It uses a browser-based front end, although version 7’s upgrade has mostly been at the back end, so the UX hasn’t really changed. It’s a straightforward list of items like credentials and users that you select and apply changes to, avoiding the steep learning curve some enterprise software imposes.
Finding and controlling user data is simple in Passwork 7
Passwork’s most basic unit is a password card which keeps the user id, address of service, extra login info, and the actual password in one place.
A vault structure for credentials
Some users, like those in finance and HR, want passwords that IT admins can’t see. They don’t always trust us engineers. Passwork handles that with a vault structure for organizing collections of passwords.
Previously, the software used organization vaults, but it has changed this structure. Now, all vaults are private, meaning that only one person can see each of them. That’s a new feature, and it’s useful when dealing with security-conscious departments that want to keep their credentials tight.
Beware, though; managing any tech is a bit of a stretch for a business department like HR. It’s better to create vaults that offer only basic admin permissions. Only create private vaults when there is a clear business need. One useful aspect of this new structure is that you can make a private vault shared by simply inviting other users to it.
A vault will often correspond to a business unit, keeping the credentials and who can use them in one place. You can delegate management of vault memberships to a user, allowing them to invite colleagues to join.
Always start by giving unit managers relatively few permissions. As they prove they can use them properly they can take on a lot of the low-level work without having to raise support tickets and wait for a response. Part of justifying a password manager is exploring how much your time costs, along with that of the users waiting for you to make changes.
A vault admin can add and remove password users and you can choose to let them edit those passwords too. The software notifies users either directly in the app or by email. That means no more printing passwords or handing them over on Post-It notes. Yes, that really happens. In 2025.
Too many services still let your users choose short, easily guessed passwords, and because users typically just want to get their jobs done, they take that option.
Bad passwords might be the users’ and the services’ fault, but they’re your problem. If you try enforcing regular changes or longer, harder passwords, users will write them down or do silly things like putting a single incrementing number at the end.
Professional password management means they aren’t remembering (and forgetting) passwords. They can be as strong as you like and the software generates them automatically.
Passwork 7 offers an uncluttered list of applications you are managing, tagged with what they are used for
Role-based security in Passwork 7
While vaults bring together a user’s credentials, roles bundle together the actions a user is permitted to take. Passwork 7 has renamed what it previously called ‘statuses’ as roles, adding administrative rights and custom settings. You can now create as many roles as you like.
Passwork lets you review a simple list of who can use which passwords and vaults, making it easy to find users with too much access. Evaluating user access is often a business decision as well as a technical one, so you’ll want a set of permissions that allow a manager to look at access but not change anything. That’s an example of classical role-based security. The ability to see the history of passwords is really useful, but not something you want many staff to have.
You can add and remove up to a couple of dozen precise permissions to a role. These include viewing which passwords a user has used, along with adding staff you trust to use them, adjusting their privileges as their needs become clearer. This is not a tool that you load up and leave running. You will frequently refer to it, though, so ease of use is important.
You will normally just create password cards and invite users to join the vault that corresponds to their business unit.
Passwork 7 also has user groups, which it previously called roles. These groups define access to vaults for multiple people at once, enabling administrators to apply one consistent change.
Many companies will have staff who nearly belong to a group. For those, you will simply send a link to a password. That will get updated, whereas if you’re managing passwords ad-hoc then sync failures lead to more support tickets and user complaints.
Securing your credentials
Passwork can synchronize credentials from SSO and LDAP, as well as import them via JSON and CSV, which will make clear to you just how many passwords you are managing. You now have the keys to the kingdom with everyone’s passwords all in one place, which means it’s time to worry about security.
Managing LDAP and other credentials is a cinch in Passwork 7
Firstly, this is a zero-knowledge architecture, meaning that it doesn’t store any credentials on user devices. All these, along with other data like change logs and notes, are stored in a dedicated MongoDB instance, encrypted with AES256. You have to choose whether that’s in the cloud or on your premises. Passwork tells me that Americans are more trusting of US-based clouds than Europeans.
You can also opt for two-factor authentication, and Passwork offers its own 2FA application for Android and iOS.
It’s 2025. Just turn on 2FA already
Cutting shared passwords
One of the security breaches waiting to happen at your company is users lending passwords to each other. As a freelance techie, I’ve had to navigate security just to get the job done. That often exposes all sorts of risks.
It’s a practice that requires the lender to remove access afterwards. Given we’re talking about web-based services they can access without being in the office, that’s a disaster waiting to happen. You can’t find out who has someone else’s password, let alone work out who to blame when it goes bad. In short, giving me someone else’s password isn’t something you want to defend if something goes wrong.
Passwork 7 untangles this mess by logging password shares made through its system and ensuring that they expire. You can send a single-use web link to external users who won’t be accessing in-house systems.
Moving fast when it hits the fan
There’s now an active black market in leaked credentials, along with services that warn you when yours are up for sale. When you’re notified of a stolen password in play, there’s no time to fumble around finding lists and manually changing credentials.
Passwork 7 has a simple ‘Block User’ switch that prevents anyone using those credentials. It also flags all uses of those credentials as suspicious, providing a log of which services they have accessed and when.
This feature is worth the cost of the package all by itself, getting you ahead of the game by scoping the problem and enabling you to clean up the mess sooner. That will involve using the strong password generator.
Pricing
One of the pains in buying business software is having to deal with sales wanting to “understand your business”. This is a double assault, as they chew up your time working out how far they can open your wallet.
Passwork is commendably upfront about pricing. The starter package is 10 users at €2 each per month. Billed annually, that’s €240. There are plenty of other options, including outright purchase, making it cheaper than the average.
Whether this product is worth it for you requires some back-of-the-envelope sums. It works out at around €2-3 per month per user for the standard version, and up to €4.5 for the advanced version. That’s likely to be worth the money you’ll save on password support costs. A tougher calculation is the potential reduction in data breach costs, which surface as lost business, fines, and regulatory hassle.
System requirements
Obviously, you need to put this on a reliable, backed-up server to ensure users can get online access. Passwork supports Windows Server and desktop, Ubuntu, Debian and CentOS, needing 4-8GB RAM and 100Gb of disk storage. It officially supports Safari, Edge, Firefox and Chrome, along with most Chromium-based browsers. It has agent apps for Android and iOS.
Verdict
Passwork 7 is a cost-effective option to bring professional password management to your growing list of online services. If you’re still trying to herd passwords in your business, now’s the time to give it a look.
https://passwork.pro/
Sponsored by Passwork.