We changed our name from IT Central Station: Here's why
2020-06-18T06:06:00Z

What are some best practices to implement for secure employee password management?


There are many enterprise password managers available to help with employee password management. Aside from using a password manager, what else can be done to ensure that employee passwords are secure?

ITCS user
Guest
66 Answers

author avatar
Top 5LeaderboardReal User


The general best practice says that all the users in a company must attend security awareness trainings regularly in order to be updated in infosec. The companies that provide security awareness trainings platforms have already created tons of content that remind why users should stick to particular rules when dealing with passwords. Because having password manager and using it sometimes make the difference.


2021-05-07T17:06:12Z
author avatar
Top 5LeaderboardReal User

One of the biggest concern is users are not restarting their windows systems for long time, which allows the attacker to steal the memory cache. So in my opinion user should schedule their system restart in timely fashion.

2020-06-19T04:09:59Z
author avatar
User

I am a big Lastpass user - and I utilize the analysis tool it has.  In my CIO days we had 3rd party IT Controls companies come in and run password cracking tools to identify weak passwords

2020-06-18T16:27:25Z
author avatar
Top 5LeaderboardReal User

I am going to disregard answering from the Ransomware aspect as write access can be a problem and the mitigation is different.


As much as I love the answer from Denys, the only time employee passwords are a concern is when they are also privileged and then not managed properly. 


Small company: If an employee has an account that is also privileged I recommend rotating the password daily. Active Directory can manage the AD perspective quite well requiring daily password changes and reducing the PtH (Pass the Hash) vulnerabilities.


Medium & Large company: A PAM solution can allow a privileged user to "Check Out" a password that is then immediately rotated upon check-in. Audit records, session recording and keystroke logging are a plus.


When determining the budget for this type of solution and an old maxim is recalled: "The cheap comes out expensive". Another consideration is not just financial loss, but reputation loss, when the ransom is followed up with a reputation threat, and you pay twice.


I will refrain from the High-Availability and Fail-Over discussing for brevity.

2021-10-25T14:20:45Z
author avatar
User

Make explicit distinction on defining what passwords are personal and what are business/work related and separate those two types in the primary stage to help/ease  applying strict policy on those business/work related  ones and secure them easily next to defining  password vaults/environments related to departments (sales gets its own password environment, engineering gets its own etc )

2020-07-06T10:09:18Z
author avatar
Top 5LeaderboardReal User

There are many enterprise password managers available to help with employee password management. Aside from using a password manager, what else can be done to ensure that employee passwords are secure?

2020-06-18T15:29:38Z
Find out what your peers are saying about Microsoft, Thycotic, CyberArk and others in Enterprise Password Managers. Updated: January 2022.
565,304 professionals have used our research since 2012.