Bitwarden: Five Tips for Credential Management in Fintech

With the increase in cyberattacks prompted in part by the ongoing
Covid-19 pandemic, it is more important than ever for businesses to
have the correct security measures in place to avoid an attack.

Gary Orenstein is the Chief Customer Officer at
Bitwarden, an open-source password manager for
businesses and individuals. Here he shares his top considerations
for fintechs to pick the best password managers for their


Fintech has driven significant innovation throughout the UK’s
finance industry, causing major disruption to Financial Services
sectors. However, as the industry evolves so do cyber threats. A
recent PwC report noted that financial services
executives are already aware of potential risks. In its 19th Annual
Global CEO Survey, 69% of financial services CEOs reported that
they are either somewhat or extremely concerned about cyber
threats, compared to 61% of CEOs across all sectors. After
healthcare, fintech is the second most frequently attacked
industry. This comes as little surprise given the amount of
sensitive and high-value information these firms have access to.
Overall, fintech firms have a unique set of security needs.

Not only has the industry got to protect vast amounts of
customer data, but it is also subject to regulatory and compliance
requirements. These combined circumstances mean fintech firms need
to acquire additional levels of security, such as credential
management solutions.

In this article, we’ll examine the top five considerations for
picking the right solution for your fintech company.

Choose a Solution With Zero-Knowledge Encryption

Fintech companies should ensure the complete encryption of all
vault data when choosing a credential management system. Most
password management systems employ an end-to-end encryption
model for users’ secure information. However, there are
well-known password management systems that do not encrypt
everything, for example leaving URLs unencrypted and visible to the
vendor. With URLs exposed, fintech firms do not have guaranteed
privacy of all of their vault data.

Focus on Open Source and Third-Party Audited

When considering software infrastructure as critical as
credential management, open-source solutions provide the widest and
most transparent view into the software. This allows fintech
companies, along with a global community, to continuously examine
the source code, understand its operation, and identify potential
vulnerabilities. This broad visibility is simply impossible with
proprietary software. Third-party audits further ensure confidence
for users that the software is operating as intended, with the
right encryption and security models in place. Open source provides
the easiest integrations and development. Of course,
developer-friendly access via a command-line interface (CLI) or
application programming interface delivers one level of
integration. The ability to see, examine and integrate the source
code gives flexibility beyond proprietary offerings.

Balance User-Friendliness With Appropriate Security

Security leaders must constantly balance usability and
protection. Choosing solutions that serve both technical and
non-technical users can help. Fintech firms should look to include
the following in credential management offerings:

  • Cross-platform compatibility across a wide range of browsers,
    mobile, and desktop operating systems.
  • Biometric logins where appropriate for end-user access.
  • A range of two-factor authentication options.
  • A broad community to assist users in all areas, beyond what any
    single company can provide.

With these capabilities in place, fintech companies can provide
powerful and complete credential management solutions to all of
their employees.

Ensure Complete Data Ownership When

Fintech companies often have to accommodate stringent security
measures, and abide by regional and industry compliance
regulations, leading to specific data ownership requirements. While
cloud solutions provide a compelling method to start and scale,
they are not always able to accommodate all of these more stringent
requirements. Choosing a credential management system that offers
the ability to self-host, in a private cloud or on-premises
environment, gives fintech companies complete data control. For
many companies, this leads to fast deployment since their private
cloud or data centre already complies with overall requirements.
Even if a company chooses to deploy via the cloud today, the option
to self-host is a compelling option to retain for future needs.

Pick Solutions With Complete Enterprise

No two companies are identical and having the ability to
customise configurations allows fintech businesses to set the right
security foundation for their team. For example, when onboarding
and offboarding users, companies may choose to link to their
Directory Services infrastructure to simplify user setup.
Enterprise policies play a critical role in customisation and
include the ability to determine password requirements, two-factor
authentication, and login path selections for users, such as
through an existing Identity Provider using Login with SSO. Logging
capabilities also help companies understand user behaviour, and
provide the audit trail necessary to do forensic analysis. Simple
methods to share log data with security information and event
management (SIEM) tools, such as Splunk, further solidify workflows
with the IT administration team.

Empowering Employees With Credential

Unfortunately, employees are too often left to determine their
own credential management practices. Companies providing both the
tools and corresponding training reduce the risk of cyberattacks
and establish best practices for their employees to ensure the most
secure future for all. With cyber threats constantly evolving,
fintech firms should make hosting regular training for
employees on spotting cybersecurity threats a top priority this

The post Bitwarden: Five Tips for Credential Management in Fintech appeared first on The Fintech Times.