Privileged Password Management
Privileged password management is one of several equivalent terms that refers to privileged access management. This particular variant is somewhat limiting, because it focuses on the management of the passwords of privileged accounts, ignoring other access disclosure methods, such as temporary privilege escalation through group membership or SSH trust relationships.
Hitachi ID Privileged Access Manager secures sensitive passwords by periodically randomizing them:
- On push-mode servers and applications:
- Periodically -- for example, every night between 3AM and 4AM.
- When users check passwords back in, after they are finished using them.
- When users request a specific password value.
- In the event of an urgent termination of a system administrator.
- On pull-mode systems -- such as laptops or rapidly provisioned VMs:
- Periodically -- for example, every day.
- At a random time-of-day, to prevent transaction bursts.
- Opportunistically, whenever network connectivity happens to be available from the workstation to a central server.