Your passwords’ strength and level of control will determine how likely it is that a cyberattacker will access your business. In this situation, applying good Privileged Access Management (PAM) practices to strengthen your passwords is your best choice.
From that moment on, your company’s passwords will be considered privileged. That is a word or phrase designed to differentiate an authorized user or process from an unauthorized user.
In more technical words, privileged passwords are a subset of credentials that provide high access and permissions on accounts, applications, and systems.
Privileged access on Linux and Unix, and the Administrator account on Windows, provide any user with virtually unlimited privileged access rights to an organization’s most critical systems and data.
These are precisely the kind of access that hackers seek no matter the costs. That’s why you should be prepared and strengthen your credentials in time with privileged password management. Eventually, we’ll show you how to do it; but, first…
How to prevent your passwords from being compromised?
Before delving into the eight best practices we have prepared for you, we want to show you some of the steps you can take to strengthen your passwords.
- Increase their size to at least 12 characters
- Mix uppercase, lowercase, numbers, and symbols when creating them
- Make them unique, complex, and meaningless
- They shouldn’t contain words easily found in a dictionary or a sequence of letters from a keyboard
- Change them frequently depending on the password age, use, and importance for security
- Forbid your team to reuse passwords for personal and work purposes at the same time
- Look for a new password when you give it to someone else
As we mentioned before, these are some tactics you can apply to strengthen your passwords. However, most users do not practice them very frequently. Why?
It seems that the number of passwords an employee must remember to access various accounts, systems and applications are very high. This number can go from almost a dozen to more than a hundred.
That’s why, when it comes to privileged credentials, organizations still face several challenges that put their assets and information integrity at risk.
What’s more, although password management automation is evolving, most organizations still rely on manual/humane password management practices.
Some common password attack techniques
This situation leads to cyber-attacks of different kinds. Some of the techniques most used by cyber-attackers are:
Brute force attacks
Attackers try out millions of basic password combinations (in a matter of seconds) until they find the right one and gain access to a company’s internal resources.
Dictionary attacks
Unlike a brute-force attack, the attacker tries to guess passwords based on words from a dictionary in any language.
Pass-the-Hash (PtH) attacks
Through this method, a hacker can violate Single Sign On (SS0) through NTLM, Kerberos, and other authentication protocols. These attacks are more common on Windows devices.
Pass-the-Ticket (PtT) and Golden Ticket attacks
These types of attacks are a variation of PtT and consist of the theft of the krbtgt account on a domain controller that encodes the ticket-granting tickets (TGT).
Social engineering password attacks
They are better known as phishing or spear-phishing and involve tricking people into revealing information that can be used to gain access.
Through these attacks, hackers seek to take advantage of a company’s most vulnerable passwords. This way, they exploit an organization’s weak access.
Fortunately, there are good practices to strengthen your access. This way, you can prevent your company from remaining in a disadvantageous position against cyber-attackers.
What is BeyondTrust’s Privileged Password Management?
The privileged password management is a digital security method created by BeyondTrust. It looks to effectively manage the life cycle of privileged credentials.
It also seeks to facilitate secure authentication for users, applications, and resources. Also to guarantee the security in the accesses of your company.
The truth is that privileged password management can be carried out from certain actions. Below are the eight best practices for strengthening your company’s credentials.
Good practices and benefits of privileged password management
These privileged password management solutions will provide you with automated resources and streamlined workflow throughout the passwords.
1. Discover all your company’s privileged accounts
This includes administrator accounts, users, and applications. Also service accounts, SSH keys, database accounts, cloud, and social network accounts, and other privileged credentials. It also takes accounts used by third parties/providers, on their premises, and in the cloud infrastructure.
Also, the process should include all platforms (Windows, Unix, Linux, Cloud, on-premise, etc.), directories, hardware devices, applications, services/daemons, firewalls, routers, etc.
It should also include collecting user account details that will help you assess risk. It should also highlight where and how privileged passwords are used and help to show security blind spots, and also mispractices.
Finally, the process’s findings will allow you to reconsider your policies and adjust your account access permissions. This will lead you to make periodic discoveries to make sure that each privileged credential is protected.
2. Bring privileged access and credentials under centralized management
Perform this integration process right at the time of password creation or during a routine discovery scan. We recommend you centralize the storage of privileged credentials in an encrypted database and also to record the values in an Excel spreadsheet.
Similarly, it wouldn’t be a bad idea to apply an automated digital safe solution for corporate passwords. This will provide you with an encrypted database from which you can manage the password life cycle.
3. Enable password rotation
Perform this rotation in an Excel spreadsheet and then manually log in to the accounts and associated systems. Although it isn’t highly scalable, it’ll provide you with some coverage for password management in simple environments.
You can also approach the process in an automated way based on a safe digital for corporate passwords. This will allow you to have the peace of mind that all your privileged credentials will go through the regular rotation.
4. Implement privileged session management
This practice will serve to improve oversight and accountability about your accounts and privileged credentials. In this case, an automated solution will allow you to manage the process transparently and with a scale of hundreds or thousands of simultaneous sessions.
5. Address non-human & machine credentials
Implement API calls to gain control over scripts, files, code, and inserted keys, removing inserted and encrypted credentials. Once you achieve this, you will be able to automate the passwords rotation with the right frequency.
6. Control SSH keys
The approach to SSH keys should be the same as any other password but accompanied by a key pair that must also be managed. Rotate the private keys and passphrases regularly and make sure that each system has a unique key pair.
7. Utilize threats analytics
Always analyze privileged passwords, users, and account behavior. With this continuous process, you will be able to mitigate risk and develop a policy as needed for your company.
The more integrated and centralized your password management is, the easier it will be for you to generate reports related to accounts, keys, and systems exposed to risk. Consider automation to accelerate your awareness and orchestrated response to threats.
8. Automate workflow management
In this process, you can apply automated third-party solutions to optimize the entire password management life cycle. Some of them can be:
- Grouping and managing assets according to smart rules
- Apply device access workflows
- Employ workflows to ensure access to password-managed systems in emergencies
- Verify digital safe passwords input and output of and automated authentication
- Apply user login for RDP and SSH sessions without revealing the passwords
- Trigger a supervisor’s approval request to verify highly sensitive credentials
- Initiate privileged session monitoring and alert to any critical or suspicious activity
So, how to implement privileged password management?
After you discover all of your company’s privileged credentials and have them in a baseline, set priorities and detail a policy of privileged passwords.
Also, implement automation in your privileged password management life cycle to increase your efforts in implementing these best practices regarding passwords strength.
Now, although applying privileged password management is not a rare issue, you should have a piece of good knowledge on the principle of minimum privileges. Besides, you also need to know how to implement it within a wide-ranging structure.
In case you don’t know how to do it, don’t worry. At GB Advisors, we are experts in Digital Security and ITSM software implementation. You can contact us to receive professional and personalized advice on applying privileged password management.
Finally, if you consider that these good practices will guide you to strengthen your passwords, do not hesitate to request the exclusive BeyondTrust’s demo or free version through this link.