Why PassHub is the Right Alternative to KeePass
by Daniel Waldman, on Tue 03 September 2019
When it comes to password managers for IT teams, KeePass is one of the most popular. And for good reason. It’s highly secure, can store hundreds of passwords, and it’s free. It’s also open-source, which means that the code can be audited, and it can be changed to suit a specific need.
That said, KeePass has a number of limitations that counteract both its convenience and its security measures. Because it’s free and open-source, it’s often the choice for enterprises. However, KeePass was made for individuals, not businesses, and it lacks many features today’s IT departments need, both from a security and a convenience standpoint.
If you’re an IT manager responsible for choosing password management software for your company, then it’s important to understand why using PassHub for Business might be a better, more flexible approach. Let’s take a closer look at why PassHub warrants serious consideration if you’re looking for a KeePass alternative in 2019.
What’s Wrong with KeePass?
First, we want to stress that KeePass is not a bad piece of software. It works very well for individuals. That said, it’s incredibly limited when it comes to using it in an enterprise setting or as a password manager for teams. For example, its architecture does not offer native sharing capabilities, meaning that users can’t share stored individual passwords with other users. They can only share the master password.
That might sound fine, but what happens when you have a contractor who should only have access to one of your password-protected systems? If you’re using KeePass, you have to share the master password, giving them access to essentially every system. This can open up systems with sensitive information to people who shouldn’t have access to them. For example, if you have a contractor working on a network project, and you share the master password with them so they can access network assets, then they likely also have access to, say, a database with sensitive customer information in it. This potentially exposes your firm to major risk of a data breach and industrial espionage.
On a similar note, another function that KeePass doesn’t deliver is user management. It’s simply not designed that way. All KeePass users are essentially granted the same level of access, as there’s really only a single account. You cannot grant granular access to specific systems or files to certain users. Thus, the only way to revoke access is to change the master password. If you share KeePass with only a small group of people, it’s probably not a big deal. But what happens when you’re an enterprise with a large IT department and hundreds of users? You can imagine that this gets a little complicated the more users you have. What’s more, if someone changes the master password, it’s impossible to a) see who made the change and b) see what was changed. It’s really an all or nothing approach, one that is prone to human error.
Lastly, KeePass was originally only developed for Windows. Because it’s an open-source project, though, different communities have ported it to other platforms (Android, Mac, iOS, etc.). While this seems like it’d be a good thing, it actually poses a major challenge, as there are a variety of update and compatibility issues. What happens when you’re working in a mixed platform environment? What happens when your business has a Bring Your Own Device policy, where anyone can use any mobile phone they want for work? The result is that not all versions are updated at the same time, nor are they necessarily compatible.
How PassHub Stacks Up
When we developed PassHub, we were specifically thinking about the challenges we ourselves experienced using KeePass. Our goal was to provide users with improved and extended functionalities. Here are some key areas where PassHub really shines as a KeePass alternative, particularly for enterprise IT departments.
Accessible anywhere on any device
Because KeePass resides solely on your computer or other device, it doesn’t need to connect to a central network. That means it is only accessible on that particular device. This is insufficient today, when people use multiple devices to access data.
PassHub is a web service, making it accessible on any modern browser on any device (Chrome, Safari, Firefox, Edge, etc.) on any platform (Windows, Mac, or even Linux). What’s more, to provide an additional layer of security, we developed the PassKey app, which provides client-side encryption and multi-factor authentication.
Client-side encryption means that all sensitive data is encrypted with a PassKey in the user’s browser. No meaningful information is accessible on the server side. We use asymmetric cryptography to send crypto keys to your peers, thus providing end-to-end encryption. When a user signs in, the browser gets an encryption key specific to each user-website pair.
Additionally, PassHub employs the Web Crypto JavaScript API as specified by the W3C. The Web Crypto API establishes new standards for security and speed for in-browser cryptography. While all modern browsers support this spec, PassHub also relies on the open-source Forge crypto library as a fallback on older devices.
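The key handling described above (data encrypted in the browser, keys sent to peers with asymmetric cryptography) can be sketched with the Web Crypto API as follows. This is an added example, not PassHub's code: the AES-GCM safe key wrapped per member with RSA-OAEP, the record layout, and all function and user names are assumptions made for illustration.

```javascript
// Added illustration, not PassHub's code; names and record layout are hypothetical.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const OAEP = { name: 'RSA-OAEP' };

// Per-user key pair; the private key is non-extractable and stays on the client.
const newUserKeys = () => wc.subtle.generateKey(
  { ...OAEP, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
  false, ['wrapKey', 'unwrapKey']);

// Encrypt one entry under a fresh safe key; the result is all the server stores.
async function createSafe(owner, ownerPub, secret) {
  const key = await wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode(secret));
  return { iv, ct, wrapped: { [owner]: await wc.subtle.wrapKey('raw', key, ownerPub, OAEP) } };
}

// Recover the safe key with a member's private key; rejects if no wrapped copy exists.
async function safeKeyFor(safe, user, priv, extractable = false) {
  if (!safe.wrapped[user]) throw new Error(`${user} has no key for this safe`);
  return wc.subtle.unwrapKey('raw', safe.wrapped[user], priv, OAEP,
    { name: 'AES-GCM' }, extractable, ['decrypt']);
}

// Sharing: the owner re-wraps the same safe key under the peer's public key.
async function share(safe, owner, ownerPriv, peer, peerPub) {
  const key = await safeKeyFor(safe, owner, ownerPriv, true);
  safe.wrapped[peer] = await wc.subtle.wrapKey('raw', key, peerPub, OAEP);
}

// Decrypt the entry on the client with the member's unwrapped safe key.
async function openSafe(safe, user, priv) {
  const key = await safeKeyFor(safe, user, priv);
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv: safe.iv }, key, safe.ct);
  return new TextDecoder().decode(pt);
}

// Constructed scenario: alice owns the safe, bob is a contractor, mallory is an outsider.
async function demo() {
  const [alice, bob, mallory] = await Promise.all([newUserKeys(), newUserKeys(), newUserKeys()]);
  const safe = await createSafe('alice', alice.publicKey, 'router-admin:constructed-sample');
  await share(safe, 'alice', alice.privateKey, 'bob', bob.publicKey);
  const bobReads = await openSafe(safe, 'bob', bob.privateKey);
  // A different private key cannot unwrap bob's copy of the safe key.
  const outsider = await openSafe(safe, 'bob', mallory.privateKey).catch(() => 'denied');
  delete safe.wrapped.bob; // revocation: drop bob's wrapped copy from the record
  const afterRevoke = await openSafe(safe, 'bob', bob.privateKey).catch(() => 'denied');
  return { bobReads, outsider, afterRevoke };
}
```

In this sketch, deleting the wrapped copy only blocks future unwraps from the stored record. A member who already unwrapped the safe key could have kept it, so a design along these lines would also rotate the safe key and re-encrypt the entries on revocation.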
User management and granular access
PassHub allows system admins to grant and revoke access to users, but they cannot access what those users put into PassHub. That includes passwords and other stored files with sensitive information. Additionally, system admins can grant users access to a single safe, a set of safes, or the entire PassHub vault, but they themselves are not able to access the contents of those files. Thus, information is shareable on a granular basis while also maintaining a high level of security by protecting against insider threats.
PassHub offers one-step sharing with revocable access
Users can also share single safes with other users, allowing them to see only that safe and nothing else. Once the need to access that safe has passed, the data owner can revoke access instantly.
PassHub offers customization
Like KeePass, PassHub also offers an open-source version that can be customized. But this often takes a significant amount of experience and time to do. That’s where WWPass comes in, as we can customize the PassHub features and provide the modified code to you.
PassHub offers seamless migration from KeePass
Perhaps best of all, we’ve built a powerful tool to make migrating from KeePass to PassHub easy. This can save a mountain of time for KeePass users with thousands and thousands of passwords stored.
If you’re looking for a password manager that’s a solid KeePass alternative, give PassHub for Business a shot with our 30-day free trial!