
Secure Password Management - Hitachi ID Password Manager

Passwords are only as good as the weakest link in the password management process. In practical deployments, the security of password management depends on more than just choosing a strong password:

  • Passwords must be reasonably easy to remember, or users will either forget them or write them down.
  • Passwords must change regularly, or else intruders will have too much time at their disposal to guess them.
  • Passwords must be hashed (with a salt and a slow password-hashing function) when stored, and encrypted when transmitted, so that they cannot be intercepted on the network or recovered from improperly secured systems or media.
  • When users forget their passwords, both the user and the help desk agent must be authenticated by a process that is at least as reliable as the password it replaces, before the reset is carried out. Otherwise, intruders will simply call the help desk to reset their intended victim's password, rather than attacking the password directly.
  • Administrative changes made to passwords, by help desk staff or systems administrators, must be logged, forming a sound audit trail. Otherwise, a help desk agent or system administrator could abuse a user's login ID without leaving a trace, and consequently without accountability.
  • Help desk staff who are given the right to reset forgotten passwords, or to clear intruder lockouts, should not receive other privileges unless they actually need them. Help desk staff are numerous and have high turnover, so their access should be strictly limited.
  • Failed authentication attempts, whether against passwords or other authentication processes, should be logged, and repeated failures should trigger alarms and lockouts. Otherwise, intruders can carry out prolonged guessing attacks at their leisure.
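The following Python sketch is an added example, not Hitachi ID code, showing how several of the requirements above fit together in one small credential store: salted scrypt hashing of stored passwords, a lockout after repeated failures, an append-only audit trail that records who made each change, and a help desk reset path that is limited to resetting passwords and clearing lockouts and refuses to act until the requester has been authenticated. The cost parameters, lockout thresholds, user names and the `requester_authenticated` flag are assumptions chosen for illustration; the clock is injectable so that lockout expiry can be exercised without waiting.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

# Illustrative defaults for this example, not Hitachi ID settings.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1  # demo cost; production should use a higher N
MAX_FAILURES = 5            # consecutive failures before the account is locked
LOCKOUT_SECONDS = 15 * 60   # how long a lockout lasts before it expires on its own


@dataclass
class Record:
    salt: bytes
    digest: bytes
    failures: int = 0
    locked_until: float = 0.0


class PasswordStore:
    """In-memory credential store: salted scrypt hashes, lockout, audit trail."""

    def __init__(self, clock=time.time):
        self._records = {}
        self.audit_log = []   # append-only list of dict entries
        self._clock = clock   # injectable so tests can advance time

    @staticmethod
    def _hash(password, salt):
        # Only the salted, slow hash is ever kept; the cleartext is discarded.
        return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                              n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)

    def _audit(self, event, user, actor, **extra):
        self.audit_log.append({"ts": self._clock(), "event": event,
                               "user": user, "actor": actor, **extra})

    def set_password(self, user, password, actor):
        """Create or replace a credential; `actor` records who made the change."""
        salt = os.urandom(16)
        self._records[user] = Record(salt, self._hash(password, salt))
        self._audit("password_set", user, actor)

    def is_locked(self, user):
        rec = self._records.get(user)
        return rec is not None and self._clock() < rec.locked_until

    def verify(self, user, password):
        """Return True only for a correct password on an unlocked account."""
        now = self._clock()
        rec = self._records.get(user)
        if rec is None:
            self._hash(password, b"\x00" * 16)  # equalise timing for unknown users
            self._audit("auth_failure", user, user, reason="unknown_user")
            return False
        if now < rec.locked_until:
            self._audit("auth_failure", user, user, reason="locked")
            return False
        if hmac.compare_digest(self._hash(password, rec.salt), rec.digest):
            rec.failures = 0
            self._audit("auth_success", user, user)
            return True
        rec.failures += 1
        self._audit("auth_failure", user, user, reason="bad_password",
                    failures=rec.failures)
        if rec.failures >= MAX_FAILURES:
            rec.locked_until = now + LOCKOUT_SECONDS
            self._audit("lockout", user, "system", until=rec.locked_until)
        return False

    def helpdesk_reset(self, user, new_password, agent, requester_authenticated):
        """Reset performed by a help desk agent. The agent can only replace the
        password (which also clears any lockout); `requester_authenticated` must
        come from a challenge process at least as strong as the password itself."""
        if not requester_authenticated:
            self._audit("reset_denied", user, agent, reason="requester_not_authenticated")
            raise PermissionError("requester not authenticated")
        if user not in self._records:
            raise KeyError(user)
        salt = os.urandom(16)
        self._records[user] = Record(salt, self._hash(new_password, salt))  # failures/lock reset
        self._audit("helpdesk_reset", user, agent)

    def events(self, event):
        """Audit entries of one type, e.g. every lockout or every help desk reset."""
        return [e for e in self.audit_log if e["event"] == event]
```

Two points worth noting in the design: the help desk path never sees or returns the old hash, it can only overwrite it, and every path (success, failure, lockout, denied reset, completed reset) writes an audit entry naming the actor, so a reset performed by an agent is attributable to that agent rather than appearing as the user's own action.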

Hitachi ID Password Manager is designed to secure the entire password management process.

Read More:

  • Secure Password Management:
    Passwords are only as good as the weakest link in the password management process.
  • Locking down Password Manager:
    Protecting the Password Manager server, its data and its communications against attack.
  • Password Policy Enforcement:
    Password Manager can enforce a global password policy, ensuring that users choose hard-to-guess passwords, never reuse passwords, and change their passwords regularly.
  • Security vs. Usability:
    The human factor is important when formulating password policies and designing authentication processes.
  • Consistent Authentication Processes:
    Social engineering attacks, packet sniffing and other mechanisms can be used to compromise password security without having to directly crack passwords.
  • Delegating Password Reset Privileges:
    Delegating just the right to reset passwords to help desk staff or managers, without giving them other, unneeded rights.
  • Audit Logs:
    Audit Trails and transaction logs create accountability in security processes.
  • Authentication Options:
    Authentication processes supported by Password Manager for securely logging in users.