1. Purpose of this Guide
This artefact proves your company uses a trusted password manager to wrangle logins safely. Cyber Essentials requires this because weak, reused, or sticky-note passwords are easy prey. A password manager keeps accounts organised, unique, and far harder for attackers to crack.
2. What You Will Submit
You will need:
-
A screenshot or report from a trusted password manager.
-
The evidence should clearly show:
-
Secure credential storage.
-
Strong password generator feature.
-
Password strength/security checks.
-
(If possible) MFA/2FA setup options.
-
3. How to Collect / Obtain / Generate This Evidence
For StrongKeep Customers:
-
Log into the StrongKeep Dashboard → Password Manager (coming soon).
-
Click Generate Report.
-
Download the PDF or screenshot showing secure storage and features.
For other password managers (Bitwarden, 1Password, LastPass, Keeper):
-
Log into the admin/user console.
-
Go to Vault / Security Dashboard / Reports.
-
Screenshot showing:
-
Password strength report.
-
Enforced use of unique/strong passwords.
-
Any MFA/2FA or secure sharing features enabled.
-
4. Evidence Format
-
Accepted file types: PNG, JPG, PDF.
-
Suggested naming format:
YourCompanyName_PasswordManager_YYYY-MM-DD.png
Example:AcmeCorp_PasswordManager_2025-07-01.png
5. What “Good” Looks Like
-
Screenshot/report shows actual credential storage (not an empty vault).
-
Passwords assessed for strength/uniqueness.
-
Secure password generation features visible.
-
MFA/2FA setup supported or recommended.
Why it matters: auditors want proof you’re not relying on memory or spreadsheets, but a trusted system with best-practice security features.
6. Tips
-
Redact actual usernames or account names before uploading.
-
Make sure the report is recent (not years old).
-
Combine this with your Password Compromise Screenshot to show both proactive (compromise detection) and preventive (trusted manager) controls.