Corporate identities are the most valuable digital asset for hackers today. They are constantly under attack and perpetually at risk. Identities are the proverbial keys to the kingdom, unlocking private enterprise applications, devices, networks and data. If a hacker were to gain access to the right credentials, the result could be devastating for an organization.
One of the best ways to keep corporate identities safe is to practice proper password management. From an IT perspective, this entails determining the types of passwords that are acceptable and where they are housed on the company’s systems. It also focuses on having a unique password per service where possible.
In this slideshow, Rajat Bhargava, CEO and co-founder, JumpCloud, has identified the top five factors of sophisticated password management strategies used to protect corporate identities.
Password Management Best Practices
Complexity
Choosing an appropriate and secure password is vital to protecting a corporate identity. Long gone are the days when P-A-S-S-W-O-R-D was an acceptable password, and IT admins need to get strict about which passwords make the cut. IT needs the capability to define minimum attributes for passwords, including length (arguably the most important feature of a secure password) and the required character types, to control each password’s strength. While employees may be annoyed by long, complicated passwords that mix lower- and uppercase letters, numbers and symbols, this is the first line of defense against hackers accessing corporate identities.
To assist in this effort, many tools on the market support generating complex passwords. KeePass is a password manager with a five-star rating on SourceForge. The tool is open source, so its integrity can be scrutinized by anyone. KeePass can be run out of your browser, is easy to use, and doesn’t automatically put your database in the cloud, which makes it even more secure. LastPass enables employees to use and manage highly complex passwords across both work and personal accounts without having to memorize them or store them somewhere insecure, such as a Word document or spreadsheet. It also has a feature that points out weak passwords and fixes them.
Rotation
IT admins can also specify whether the most recent password can be re-used, the password rotation duration, and the number of failed attempts allowed. Employees should be changing their password every 30 to 90 days (depending upon the criticality of the IT resource), and they should not be allowed to repeat their last five passwords. Rotation has a secondary benefit: It makes it much harder for employees to use the same password across many IT resources, which is a critical issue to solve.
Storage
In addition to where passwords are stored, IT admins must be careful about how they are stored. Storing passwords only after they have been salted and one-way hashed gives admins an additional layer of security. They should also consider stronger hash functions such as SHA512, as older hash algorithms have been broken.
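The Complexity, Rotation and Storage points above can be enforced together. The following is an added example written for this article, not code from the author or from any product named here: it stores each password as a salted, one-way PBKDF2-HMAC-SHA512 record (SHA512 on its own is fast, so a work factor is added), rejects passwords that miss the length or character-class rules, and refuses any password matching the last five records. The minimum length, the iteration count and the record format are assumptions.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 12       # assumption; the article only asks for "long"
HISTORY_DEPTH = 5     # the article's "last five passwords" rule
ITERATIONS = 100_000  # assumption; raise for production hardware


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return a self-describing record: scheme$iterations$salt$hash (hex).
    A fresh random salt means identical passwords give different records."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha512${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha512":
        return False
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    # Constant-time compare so timing does not reveal how much matched.
    return hmac.compare_digest(digest.hex(), digest_hex)


def check_complexity(password: str) -> list:
    """Return the rules the password fails (empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for label, pattern in (("lowercase", r"[a-z]"), ("uppercase", r"[A-Z]"),
                           ("digit", r"[0-9]"), ("symbol", r"[^A-Za-z0-9]")):
        if not re.search(pattern, password):
            problems.append(f"missing {label} character")
    return problems


def check_history(password: str, history: list) -> bool:
    """True if the candidate matches any of the last HISTORY_DEPTH records."""
    return any(verify_password(password, rec) for rec in history[-HISTORY_DEPTH:])


def set_password(new_password: str, history: list) -> list:
    """Enforce the policy; on success return history with the new record appended."""
    problems = check_complexity(new_password)
    if check_history(new_password, history):
        problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
    if problems:
        raise ValueError("; ".join(problems))
    return history + [hash_password(new_password)]
```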
Single Sign-On
Utilizing single sign-on functionality will enable employees to access different IT resources across an organization including devices, applications and networks. By permitting users to enter one name and password for everything, IT admins don’t have to worry as much about employees losing or forgetting passwords. In addition, it is far easier to remember a single, highly secure password than a handful of weak passwords. Many SSO solutions create trust in a way that is different and potentially more secure than username and password.
Directories
Cloud-based directories are considered by many to be the ultimate IT admin tool for password management, providing superior protection for corporate identities. They connect employees to the IT resources they need and, just as easily and quickly, deprovision those employees if they leave the organization. A centralized directory not only gives IT all of the tools it needs to manage passwords properly, but also makes it harder for attackers to leverage corporate credentials if they obtain them. As more companies figure out how to leverage cloud infrastructure, heterogeneous environments, multiple web-based apps and so on, more sophisticated password management will be needed.
Conclusion
IT admins have more responsibility than ever to protect corporate identities. Their roles are critical to ensuring that enterprises continue to function optimally and securely. But employees will likely take the path of least resistance when it comes to selecting, rotating and storing passwords. By forcing users to practice better password management, IT plays a crucial role in protecting corporate identities, private data, and the livelihood of the company as a whole.