Password Managers: Single Point of Failure, or a Necessity for a Secure Enterprise? (part 1)

Recently, I've been hearing many references to password managers in the various podcasts I listen to and blog posts I read.

It's not a new concept by any account, but instead, the hype is due to  major breaches at sites like LinkedIn and Yahoo!.  Because of the reuse of passwords, breaches at such sites means that hackers now have usernames and passwords to other, more important resources.

The argument for password managers is that they would prevent password reuse by preventing users from having to memorize login credentials.  Another benefit is the complexity  of passwords that these tools allow users to maintain.

Opponents to password managers would claim that it is a single point of failure, loss of the master password would now allow attackers to access ALL sites and resources.

What I thought would be a simple blog post this morning ended up being a bit of a rabbit hole in research on various tools available, password theories by guys like Gene Spafford and Bruce Schneier, and the ultimate decision of feasibility of password managers in financial institutions.

My goal is to continue research on the topic and make it a 3-4 part series.  In the meantime, I'd love to hear your thoughts:

Have you implemented password managers in your financial institution or other organization, and would you be willing to share your experience?

Please email me at chris@chrisbedel.com

I promise to keep your feedback anonymous.