Jul 27 2017

Why You Should Be Using a Password Manager

Category: Access Control | DISC @ 9:50 pm

Password managers such as LastPass offer a simple service: They will store all your annoying passwords (and help you generate new ones if needed) and then give them out to whatever service you’re logging into through the use of browser add-ons and apps. They’re much like the password tools already built into your browser itself—the ones that ask you if you want to save your password for this site so you don’t have to enter it again. Password managers, however, were built for this specific purpose and include a suite of tools that let you access the same library of passwords across your devices. This cache of passwords is, of course, protected by a super-password of its own, which you obviously need to choose carefully.

With a password manager, on the other hand, it’s trivial to make all your passwords unique. You don’t need to memorize passwords, so each one can be an impossible-to-memorize, 30-character-long string of text and symbols that is hard to type. When you have to change them, no problem. LastPass even has a feature that will auto-change your passwords for supported sites. In the worst-case scenario, if passwords are somehow exposed, your most crucial accounts should be protected by two-factor authentication.

While the risks of password managers are outweighed by the ease with which LastPass allows you to make your passwords strong and unique, they do have their downsides. The LastPass app is available on virtually every device, but you will have to download it on new gadgets before logging in to other things. This also makes logging into your accounts on someone else’s device a strange and potentially risky proposition.

Inevitably, you’ll stumble across a device that isn’t supported, and then you’re spending five minutes typing your incomprehensible Amazon password onto a Kindle manually while looking back at your phone for reference all the while. (It pays to keep a handful of the crucial passwords strong, but still something you can memorize). And for the full suite of features any password manager offers, you’re going to have to shell out a little bit of cash. It’s worth it for the convenience and peace of mind.

PasswordManager.com

Why You Should Be Using A Password Manager


Everybody should install and use a password manager. Without a password manager, you’ll find yourself using simple-minded passwords like LastPass, or memorizing one strong password and using it over and over. Password manager prices range from nothing at all to $40 or more. At $12 per year, LastPass 4.0 Premium is on the low side for a commercial password manager price-wise, but on the high side feature-wise. The current version’s online console has gotten a welcome face-lift, along with a number of useful new features.

BEST PASSWORD MANAGERS OF 2017: REVIEWS OF THE TOP PRODUCTS

“LastPass also supports a range of multi-factor authentication options for protecting your vault, including app-based authenticators like Symantec VIP and Google Authenticator, hardware tokens like YubiKey, and fingerprint readers. And its $12-a-year subscription is a steal when other password manager services charge as much as $35 for a single user.”


Tags: Multi-factor authentication, Password


Mar 28 2013

Compartmentalizing and Segmenting Privileged Passwords

Category: Access Control | DISC @ 9:34 am

Privileged Password

By Lieberman Software @ Identity Week

If you’re a fan of old war movies – and especially if you’re a child of the Cold War – then you no doubt recall watching scenes where prior to launching a nuclear missile, two operators will turn their launch keys simultaneously in order to initiate the launch. The military refers to this security process as “The Two Person Concept” or “The Two Man Rule”. Sometimes the phrase “Double Safekeeping” is used.

The concept is that double safekeeping is an effective control mechanism for ensuring the highest levels of security during critical operations. That’s because the process requires two or more authorized personnel to be involved before sensitive resources or information can be accessed.

So it’s only logical to assume that if double safekeeping can prevent something as crucial as the accidental or malicious launch of nuclear weapons by a single person, then the practice can be extended into other realms of security.

Double Safekeeping and Privileged Account Management

And that’s exactly what my company did recently within the field of privileged account management. Our flagship privileged identity management product, Enterprise Random Password Manager™ (ERPM), now includes a version of double safekeeping that controls privileged passwords.

ERPM is a security product that automatically discovers, secures, tracks and audits privileged accounts across multiple operating systems. It continuously changes privileged passwords, and helps prevent unauthorized users and programs from being able to access an organization’s most sensitive data.

Now, with its new double safekeeping feature, ERPM can release different password segments to different authorized IT personnel. It breaks up privileged account passwords into different parts, and each part is assigned to an authorized user, in a fully audited manner.

For example, an IT manager may have one segment of the password, and a systems administrator may have the other segment. Together both people have the entire password, and the ability to access the corresponding privileged account. Separately, neither one can use the powerful account to anonymously change configuration settings, extract confidential data or install programs on their own.
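The segment hand-out described above, sketched as an added example (this is not ERPM's code or the author's). It goes beyond the text by also showing an XOR-based 2-of-2 split, where one share alone carries no information about the password, and by computing how much of the password each custodian still has to guess. The custodian names, the account name `root@db01`, the alphabet and the in-memory audit list are assumptions constructed for illustration.

```python
import math
import secrets
import string
from datetime import datetime, timezone

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"  # assumed policy

def generate_password(length=30):
    """Random privileged password drawn from a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def split_segments(password):
    """Literal segmentation: each custodian holds one half of the text."""
    mid = len(password) // 2
    return password[:mid], password[mid:]

def unknown_bits(missing_chars):
    """Entropy a single custodian still has to guess for the part not held."""
    return missing_chars * math.log2(len(ALPHABET))

def split_xor(password):
    """2-of-2 alternative: share_a is random, share_b = secret XOR share_a."""
    secret = password.encode()
    share_a = secrets.token_bytes(len(secret))
    share_b = bytes(x ^ y for x, y in zip(secret, share_a))
    return share_a, share_b

def combine_xor(share_a, share_b):
    if len(share_a) != len(share_b):
        raise ValueError("shares do not belong together")
    return bytes(x ^ y for x, y in zip(share_a, share_b)).decode()

def release(audit_log, custodian, account, part):
    """Hand one part to one custodian; log who and when, never the part."""
    audit_log.append({"time": datetime.now(timezone.utc).isoformat(),
                      "custodian": custodian, "account": account})
    return part

def demo():
    audit = []
    pw = generate_password()
    seg_mgr, seg_admin = split_segments(pw)
    held_mgr = release(audit, "it_manager", "root@db01", seg_mgr)
    held_admin = release(audit, "sysadmin", "root@db01", seg_admin)
    share_a, share_b = split_xor(pw)
    # Both custodians together recover the password under either scheme.
    return pw, held_mgr + held_admin, combine_xor(share_a, share_b), audit
```

With literal halves, each custodian is left guessing `unknown_bits(15)` rather than `unknown_bits(30)`, which matters more as passwords get shorter; with the XOR split, a lone share leaves the full password unknown.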

And while this may be the first time you’re hearing about such a capability, I’m betting it won’t be the last.  Some regulatory compliance mandates, like BASEL II, are now requiring organizations to store sensitive information – including passwords – in multiple parts so that one person can’t maintain key secrets individually.

This whole thing reminds me of an old saying that goes something like: “If one man can single-handedly save the ship, then it stands to reason that the same man can also single-handedly sink the ship.” Take precautions.

 

Tags: Password, Password manager, Privileged Identity Management, Two-man rule