Have you ever added up how many different passwords you use in a day? Does your mind go blank when you sit down in front of the screen to type in yet another one? Ever wondered if all those forgotten passwords end up in the same place as those missing odd socks? And if you think you've got it bad, what about the IT administrator who has got hundreds to memorize, including the ones that give access to the most sensitive parts of the company?
The backbone of every enterprise infrastructure is a network of servers, network devices, security systems and other components that together form the company's complex communications network. Every day, systems, network and security administrators log on to these critical infrastructure points for routine maintenance and repair. Many of them have "root" and "administrator" privileges, either with their personal user account or with commonly used accounts.
It's surprising how many organizations resort to storing passwords in spreadsheets and databases. A quick penetration test will show just how easy it is to get at these documents. Mismanagement of administrative passwords is a major cause of security breaches and one of the top reasons for long recovery processes from IT failures.
The most effective way to reduce the hazards is to apply an effective policy, including:
Calum MacLeod is senior consultant for Cyber-Ark