Changing user passwords on a regular basis has long been a basic – and well known – tenet of IT security. But when it comes to password security, privileged passwords (admin, root and such) are often overlooked.
While we already knew this to be the case, we now have the data to back up our hypothesis. A majority (55%) of IT professionals make end users change their passwords more often than they change administrative credentials. This according to our survey of almost 200 IT professionals at RSA Conference 2016.
That figure is not surprising. Without an automated solution to manage all the privileged credentials that exist in large networks, it’s not uncommon for administrative passwords to be rarely updated in many organizations.
It’s difficult for an IT staff to keep track of all their admin passwords. It gets even more complicated when you’re expected to know every place where the credentials are used – and what might break when they’re updated. But because of the sensitive systems that these credentials protect, frequent privileged password changes are essential.
But how often is this being done? Here’s what we learned in the survey: 10% of respondents admit that they never change administrative credentials.
74% change administrative passwords on at least a monthly basis. That sounds a lot better. After all, most regulatory compliance regulations require organizations to change privileged credentials every 30 days minimally.
However, even a 30 day password update rate may not be frequent enough. Cyber intruders and malicious insiders look for passwords that let them jump from system to system on a network until they find what they want. How much damage can they do in the time before their stolen credentialsare invalidated?
Meanwhile, only 1% of those we surveyed change their administrative passwords daily.
Privileged Credential Security Threats Revealed
When an employee leaves a job, there’s typically a standard set of practices that are followed. Checking in physical keys and equipment, transitioning documents and contacts to other employees, and so on. But is there a process for changing the administrative credentials someone used while employed?
We asked respondents: If you left your organization, could you still access your admin credentials remotely? 15% claimed that they could.
This is important because former IT employees and contractors are potentially serious security threats. They often know the password secrets that let them login to systems and applications on the network. If privileged credentials aren’t continuously changed, shutting off former employees’ logins, odds are these ex-employees can still gain administrative access long after their employment ends.
How about among current employees? How secure are the privileged credentials they use? We decided to look at how many IT pros share administrative passwords within their IT groups. Turns out, 36% of them said this occurs at their organizations.
It’s a common IT administration practice. IT pros are busy people, balancing their daily administration tasks with unexpected emergency repairs. So, looking to simplify matters, systems administrators often re-use the same password across many systems and share this password with other IT administrators.
This is convenient for them. The problem is, if a hacker or malicious insider gets hold of this shared password, he’s just gained access to systems around the network.
If you want more information on these and other findings (including how many respondents say they’re prepared for a cyber attack).
generic for viagra viagra prescription online viagra online usa
how to buy viagra generic viagra where to get viagra
cialis lowest price buy tadalafil how long does 20mg cialis keep in system
viagra cheap viagra without a doctor prescription cheap generic viagra
ed natural remedies viagra without a prescription online drugs
viagra cost per pill buy generic drugs cheapest generic viagra
viagra prescription cheap ed pills how much does viagra cost
viagra prescription online buy viagra generic viagra walgreens
cheap viagra 100mg buy viagra online cheap viagra
goodrx viagra viagra canada viagra online
what are ed drugs ED Pills best medication for ed
mens erections is it illegal to buy prescription drugs online over the counter ed
erectile dysfunction drugs ED Pills Without Doctor Prescription 100mg viagra without a doctor prescription
cheap medications online ED Pills buy online drugs
canada cialis generic cialis generic names for cialis and viagra
generic cialis no doctor’s prescription generic cialis side effects of cialis
how can i order prescription drugs without a doctor best online canadian pharmacy ed meds online without prescription or membership
erectile dysfunction treatment
canadian drugs online best online canadian pharmacy treatment for ed
drug prices comparison
buy erection pills cheap pills online solutions for ed
buying ed pills online
drugs prices canadian drugs online errectile disfunction
home remedies for ed
https://prednisonegeneric20.com/ prednisone 20mg for sale
https://doxycylinegeneric100.com/
https://ventolin100mcg.com/ ventolin on line
https://ventolin100mcg.com/ ventolin australia
https://valtrexgeneric500.com/ buying valtrex in mexico
payday loans no credit check payday loans no credit check instant approval
cheapest sildenafil sildenafil for sale