Eliminating Static Passwords - Hitachi ID Privileged Access Manager

On many systems, privileged passwords used by systems administrators, embedded in applications or used to launch services are never changed.

This may be because they are too numerous to change or because there are dependencies between people, services and passwords, which are difficult to update after a password change.

As a result, the most sensitive passwords in many organizations are also the passwords that are least securely managed and which intruders may try to guess at their leisure.

• Privileged Access Manager can randomize privileged passwords frequently -- normally every day.
• Privileged Access Manager includes various mechanisms to disclose current password values to authenticated and authorized parties:
  • To day-to-day administrators, subject to authentication and access control policies.
  • To staff in the event of an emergency or one-time need, subject to workflow authorization.
  • To service-launching programs on Windows, after every password change.
  • To applications, via a SOAP API, replacing embedded, plaintext passwords.

Using Privileged Access Manager, static passwords are eliminated.