Lieberman supports various multi-factor authentication tools, including RSA SecurID and YubiKey, along with other one-time methods. Users can be authorized for particular accounts to either recover or reset specific passwords too.
One nifty feature of ERPM is being able to recover a password through its Web client. Any user with the right access rights can use it, and these requests are logged as well. You can also set up rather complex workflows to approve privilege escalation requests.
Lieberman also works with a third-party tool called Balabit's Shell Control Box, an activity monitoring appliance, to restrict user access to privileged resources.
The biggest downside to ERPM is its cost. The entry-level price tag is a steep $25,000, but that includes unlimited users and accounts. Given the rather unique market position for ERPM, this could be a reason why it is so pricey.
1Password is an individual consumer product without any enterprise management capabilities. It has versions for Windows including Windows 8, Mac, iOS and Android phones. The Windows 8 support is fine with non-IE browsers: if you use IE, you have to bring it up from the desktop and not from the Metro interface, although they are working on fixing that.
The software sets up a local password vault and then synchronizes the vault using a variety of cloud-based external services, such as Dropbox or iCloud. We had issues getting this synchronization to work initially because the instructions are somewhat ambiguous. But once this is setup it works as intended. When you bring up the app either on your desktop, in your mobile smartphone, or the browser plug-in -- you are asked for your master vault password to unlock it. You can then add new services or recall particular passwords or information from the vault.
One of the biggest advantages with 1Password is that it has an extensive collection of different kinds of things that it can protect inside its vault, including credit card numbers, text notes, and software license information along with the usual login identities. Everything placed in the vault can be accessed on every other platform, which is very convenient. You can also add file attachments to each login record, this could be useful to include copies of your emails or pictures of your contract signatures as handy references.
There are a number of additional features for the iOS version, such as sending you to a secure browser session where you can clear any Web-based data for additional security. There is also a demo mode where you can show your associates how the software works without revealing any actual passwords, since mobile users like to share their apps more often. Eventually, these features will find their way into the desktop and browser versions.