FEATURE
The most important security recommendation for everyone is to ensure that every password you use is unique and not shared with any other resource.

most businesses that need to share accounts (due to technology limitations) and automatically generate unique passwords, such as to keep up with employee changes or to meet regulatory compliance guidelines.

Another security best practice to be mindful of — a password alone should never be the only authentication mechanism for critical data, sensitive systems and potentially daily operations into those resources. Multi-factor authentication (MFA) or two-factor authentication (2FA) should be layered on top to ensure a unique password, per account, is actually being used by the correct identity when authentication is required.

One key merit of this universal security recommendation is that it ensures that if your password is stolen, leaked, or inappropriately used, it can only be leveraged against the corresponding resource assigned (if MFA or 2FA is not present). If passwords are unique, a threat actor cannot use one compromised account and password to attack other resources. The attacker’s options and movement are significantly limited, though they could try to leverage advanced techniques to steal other credentials from the system they have compromised, such as by scraping passwords from memory. In that case, not only generating unique passwords, but also rotating passwords frequently will help mitigate the attack.

Solutions for privileged password management across an organisation’s entire information and security infrastructure can help. Advanced tools provide automated management for sensitive accounts and passwords (including SSH key management), such as shared administrative accounts, application accounts, local administrative accounts and service accounts, across nearly all IP-enabled devices.

This helps ensure this top security recommendation can be implemented across any organisation to enforce strong enterprise password security.

www.intelligentciso.com | Issue 23