2020-06-18T06:06:00Z
Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)

What are some best practices to implement for secure employee password management?

There are many enterprise password managers available to help with employee password management. Aside from using a password manager, what else can be done to ensure that employee passwords are secure?

6 Answers
Denys Zalevskyi - PeerSpot reviewer
Owner at Ekforce LLC
Real User
Top 5 Leaderboard
2021-05-07T17:06:12Z
May 7, 2021


The general best practice says that all the users in a company must attend security awareness training regularly in order to stay updated in infosec. The companies that provide security awareness training platforms have already created tons of content that reminds users why they should stick to particular rules when dealing with passwords. Because having a password manager and using it sometimes makes the difference.


GJ
PAM Architect at a tech services company with 11-50 employees
MSP
Top 5 Leaderboard
2021-10-25T14:20:45Z
Oct 25, 2021

I am going to disregard answering from the ransomware aspect, as write access can be a problem and the mitigation is different.

As much as I love the answer from Denys, the only time employee passwords are a concern is when they are also privileged and then not managed properly.

Small company: If an employee has an account that is also privileged, I recommend rotating the password daily. Active Directory can manage the AD perspective quite well, requiring daily password changes and reducing the PtH (Pass the Hash) vulnerabilities.

Medium & large company: A PAM solution can allow a privileged user to "check out" a password that is then immediately rotated upon check-in. Audit records, session recording and keystroke logging are a plus.

When determining the budget for this type of solution, an old maxim is recalled: "The cheap comes out expensive". Another consideration is not just financial loss, but reputation loss, when the ransom is followed up with a reputation threat, and you pay twice.

I will refrain from the High-Availability and Fail-Over discussion for brevity.
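The check-out / rotate-on-check-in model described in the answer above, as an added example that is not part of the original thread and not any PAM product's API. It is a minimal in-memory vault (hypothetical `Vault` class, constructed for illustration) that hands out a privileged password to one holder at a time, replaces it with a fresh CSPRNG value the moment it is checked back in, writes an audit record for every event, and can report which accounts have drifted past the "rotate daily" age the answer recommends for small companies.

```python
import secrets
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Policy from the answer: privileged credentials should not live longer than a day.
ROTATION_MAX_AGE = timedelta(days=1)
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 32) -> str:
    """New secret from the OS CSPRNG; never derived from the previous value."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class PrivilegedAccount:
    name: str
    password: str
    rotated_at: datetime
    checked_out_by: Optional[str] = None   # None means the credential is in the vault


@dataclass
class Vault:
    """Hypothetical PAM-style vault (constructed example, not a real product)."""
    accounts: Dict[str, PrivilegedAccount] = field(default_factory=dict)
    audit: List[dict] = field(default_factory=list)

    def _log(self, event: str, account: str, actor: str, now: datetime) -> None:
        # Audit record: who did what to which account, and when.
        self.audit.append({"ts": now.isoformat(), "event": event,
                           "account": account, "actor": actor})

    def onboard(self, name: str, now: datetime) -> None:
        """Bring a privileged account under management with a fresh password."""
        self.accounts[name] = PrivilegedAccount(name, generate_password(), now)
        self._log("onboard", name, "system", now)

    def checkout(self, name: str, actor: str, now: datetime) -> str:
        """Hand the current secret to exactly one holder; refuse a second checkout."""
        acct = self.accounts[name]
        if acct.checked_out_by is not None:
            raise PermissionError(f"{name} already checked out by {acct.checked_out_by}")
        acct.checked_out_by = actor
        self._log("checkout", name, actor, now)
        return acct.password

    def checkin(self, name: str, actor: str, now: datetime) -> None:
        """Return the credential: only the holder may check in, and the secret is rotated immediately."""
        acct = self.accounts[name]
        if acct.checked_out_by != actor:
            raise PermissionError("only the current holder may check in")
        acct.password = generate_password()   # the value the holder saw is now useless
        acct.rotated_at = now
        acct.checked_out_by = None
        self._log("checkin_rotate", name, actor, now)

    def stale_accounts(self, now: datetime) -> List[str]:
        """Accounts whose secret is older than ROTATION_MAX_AGE and needs forced rotation."""
        return [a.name for a in self.accounts.values()
                if now - a.rotated_at > ROTATION_MAX_AGE]


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    vault = Vault()
    vault.onboard("svc-backup", now)
    pw = vault.checkout("svc-backup", "alice", now)
    vault.checkin("svc-backup", "alice", now + timedelta(hours=1))
    for rec in vault.audit:
        print(rec)
```

The stale-account check is what a scheduled job would run to catch credentials that were never checked out (and so never rotated) within the policy window; a real deployment would also tie check-in to session end rather than trusting the holder to call it.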

Sanjeet Kumar Bhuyan - PeerSpot reviewer
Security Consultant and Cybersecurity Support at a tech services company with 51-200 employees
Real User
2020-06-19T04:09:59Z
Jun 19, 2020

One of the biggest concerns is that users are not restarting their Windows systems for a long time, which allows an attacker to steal the memory cache. So in my opinion users should schedule their system restarts in a timely fashion.

TS
Director, Consulting Practice at Kenneth J Sole and Associates
User
2020-06-18T16:27:25Z
Jun 18, 2020

I am a big LastPass user, and I utilize the analysis tool it has. In my CIO days we had 3rd-party IT controls companies come in and run password cracking tools to identify weak passwords.
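The answer above finds weak passwords after the fact by running cracking tools; the same weaknesses can be screened at the moment a password is set, which is the preventive equivalent of that audit. The following is an added example, not code from the thread or from LastPass: a hypothetical `audit_password` check that applies a minimum length, compares the candidate (including its leetspeak and stripped-suffix variants, the substitutions crackers try first) against a denylist, and flags passwords built from the username or the organization's name. The denylist here is a small constructed placeholder; a real deployment feeds in a large breached-password corpus.

```python
import re
from typing import Iterable, List

MIN_LENGTH = 12

# Constructed placeholder denylist; substitute a real breached-password corpus in practice.
COMMON_PASSWORDS = {
    "password", "password1", "123456", "qwerty", "welcome1",
    "letmein", "summer2020", "admin", "changeme",
}

# Reverse the usual character substitutions so "P@ssw0rd" is judged as "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Finding strings are constants so callers (and tests) can match them exactly.
F_SHORT = f"shorter than {MIN_LENGTH} characters"
F_COMMON = "matches a commonly cracked password"
F_USERNAME = "contains the username"
F_ORG = "contains an organization term"


def candidate_forms(password: str) -> set:
    """All normalized spellings of the password that should be looked up in the denylist."""
    low = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", low)     # drop trailing digits/symbols: "welcome1!" -> "welcome"
    forms = {low, low.translate(LEET), stripped, stripped.translate(LEET)}
    return {f for f in forms if f}


def audit_password(password: str, username: str = "",
                   org_terms: Iterable[str] = ()) -> List[str]:
    """Return the list of policy findings for a proposed password; empty means it passes."""
    findings: List[str] = []
    if len(password) < MIN_LENGTH:
        findings.append(F_SHORT)
    if candidate_forms(password) & COMMON_PASSWORDS:
        findings.append(F_COMMON)
    low = password.lower()
    if username and username.lower() in low:
        findings.append(F_USERNAME)
    if any(term.lower() in low for term in org_terms if term):
        findings.append(F_ORG)
    return findings


if __name__ == "__main__":
    # Constructed sample inputs for illustration only.
    for pw, user in [("P@ssw0rd1!", "jsmith"), ("jsmith2022!!", "jsmith"),
                     ("correct horse battery staple", "jsmith")]:
        print(f"{pw!r}: {audit_password(pw, user, org_terms=['acme']) or 'OK'}")
```

Because the check runs on the plaintext at set time, it never needs the stored hashes, and it rejects exactly the candidates a cracking run would have recovered first: dictionary words with a digit or symbol appended, leetspeak variants, and the account or company name.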

RD
User at Rabobank
User
2020-07-06T10:09:18Z
Jul 6, 2020

Make an explicit distinction when defining which passwords are personal and which are business/work related, and separate those two types at the primary stage to help ease applying a strict policy to the business/work related ones and secure them easily, next to defining password vaults/environments related to departments (sales gets its own password environment, engineering gets its own, etc.).
