Organizations struggle with password security and getting to the bottom of password management best practices can be tough. There are many systems in a modern organization needing password protection. Each also offers varying levels of password complexity. Organizations can suffer serious fallout from a breach when an account’s password is compromised, therefore the need for a strong password management implementation is high.
That’s why we’re reviewing PWM best practices today, to ensure that you are resolving these security gaps. While we’ve talked about the journey companies take to achieving a fully mature password management implementation, we want to look at what best practices you should be using while going through your implementation.
What Are the Benefits of Password Management
Oftentimes in the OT landscape, for instance, endpoints don’t allow for complex passwords or even various usernames. This results in a lot of sharing of passwords, sometimes even across various devices. While sharing passwords is its own issue, these issues compound when an employee is dismissed, as now you have a serious security vulnerability. How many machines could that person access using the username and password that they know?
Having a system in place to manage your passwords, allowing you to change them quickly, to checkout passwords as needed, or, in the event of an emergency situation where access to critical infrastructure is needed immediately, to switch them to the same password and then change them back to a unique password after the problem is resolved, provides many benefits to your organization.
Implementing a strong PWM solution and using password management best practices while doing it, will offer you better flexibility and security of your fleet.
Password Management Benefits:
- Protect older devices with limited password complexity
- Quickly change passwords during an emergency and change them back afterward.
- Easily manage security vulnerabilities of known endpoint credentials when an employee is terminated
- Reduce or remove the sharing of credentials within the organization
- Schedule password changes as required by your company or compliance needs.
- Enable password checkouts
With these benefits in mind, let’s review the password management best practices that grant you all the capabilities of a strong implementation.
Password Management Best Practices
Protect Older Devices with a Password Management Solution
OT assets can be difficult to protect. Some of these OT assets do not provide the same level of complexity, from passwords or other security features, that IT teams have access to on their newer devices. In this event, you should require users to access it indirectly. For example, ConsoleWorks can know the endpoint’s true password, while all users connecting to the device must login with their own credentials and passwords to ConsoleWorks, which then brokers that connection. Make sure your PWM solution offers this functionality.
Don’t Reuse or Share the Same Passwords Across Devices
This still happens all too often and is an important password management best practice to make sure you are following. You amplify security challenges by sharing passwords or using the same one. If an employee is terminated, you now have a much more complex security issue. How many logins do they know and to how many devices?
In the event of sharing those logins, it is not as easy as deactivating the terminated employee’s account. In some cases, you may not even know the extent of their access due to the shared knowledge of passwords across devices.
Use Multifactor Authentication
Compromised passwords are among the most common methods of attack. To strengthen your defense against it, you should enforce multifactor authentication methods in order to gain access. At least in the event of a compromised password, there are still more hurdles to overcome to gain entry through that compromised account due to further steps being necessary to verify identity. Your most advanced systems, as we discussed in our maturity model, will use many different contextual points to ensure the user is who they really say they are.
Use a Password Manager
A password manager should be used to protect your most privileged credentials. This, in coordination with other cybersecurity solutions like privileged access management, will secure your critical assets. A good password manager can also automate password functions for you, increasing your productivity in addition to heightening your security.
Best Practices that Keep You Secure
These password management best practices will help you along your way to a strong implementation. If you missed our previous best practices, you can also review our best practices for role-based access, network segmentation and baseline configuration monitoring.
With these best practices in mind, you’re ready to take the next step in your implementation. Should you have any questions, we are always available to talk about your particular needs here.
