Finally, the various client modules for LastPass have better interface consistency among themselves than most of the other tools we reviewed.
Lieberman Enterprise Random Password Manager
Lieberman's password solution is aimed at a different market than most of the other products in this review. Their idea is to strengthen privileged accounts and shared administrative access to critical local Windows and Linux servers. Typically, many users access the same privileged account and all of them need to know the password.
Given that many enterprises have dozens if not hundreds of servers, it is easy to overlook that many of them have stale admin accounts or don't know where they are located. A common situation is being able to change all local admin passwords on a regular basis.
The Lieberman tool discovers and strengthens all server passwords and then encrypts them and stores them in a special database. You can choose from 128- to 256-bit lengths for AES encryption as well. ERPM creates unique and complex passwords that you don't need to remember, and changes them as often as your password policies require, including daily if you are ultra paranoid. Each account login can have a different schedule and complexity requirement.
ERPM handles passwords on Windows service accounts, IIS accounts, SQL Server and Oracle database accounts, SharePoint, Directory Services, and Linux and other major platforms, both physical and virtual servers. As an enterprise product, it is designed to work with a variety of configuration management repositories such as CA, IBM and BMC's CMDB software and with system management tools such as Microsoft System Center, HP Operations Center and Arcsight.
All of these accounts are discovered without the need to install any agents on individual servers. Once it does find these accounts, ERPM will automatically detect password changes and make the updates across all the various systems and devices.
Installation is a bit of a hassle with a huge list of prerequisite software to support its services. We installed it on a box running an early version of Windows 8.1 and chose the default mySQL database for its password store. But once you get through this process, it is easy to maintain. One of its advantages is a continuous real-time automated account discovery of potential target accounts. You can also add accounts from your Active Directory store, from scanning particular IP address ranges, or individually. The new accounts are placed into a batch "change control" job that can be run regularly to update your password collection.
ERPM also includes a variety of audit reports so you can satisfy various compliance requirements and can output its information to various file formats for further processing by security management software. A number of preconfigured reports come with the software to get you started.