Security Considerations for Team Based Password Managers

Password management applications are a common and practical way to store complex passwords. They use encryption to protect the passwords from attack, but like in any other cryptographic system, they rely on a secret key to encrypt the data. The typical approach is to derive the secret key used to the encrypt the password database from a master password. This eliminates the requirement to store it or protect the secret key; however, this approach doesn't work well for multi-user password managers, as team based password management applications need to allow for each user having his/her own unique password, and may require other features such as password sharing, fine grained access control, or domain integration. This paper explores a few ways that different password management applications work in a team environment, and the strengths and weaknesses of their implementations. By learning about some of the underlying technologies and principles, then analyzing a few popular software applications, the reader should be better equipped to choose a solution that best fits their functionally and security requirements.