Password Rotation in Context
A Privileged Account Management (PAM) workflow uses automated, policy-driven password resets for the following purposes:
- Minimise the number of users who know a password
- Minimise the number of accounts with elevated privileges
- Minimise the number of hard-coded passwords in process automation software
- Ensure that users reach privileged accounts, servers and IoT devices through a central place with permission controls, notifications and audit logging
- Maintain strong, unique passwords across many privileged accounts
- Reduce the number of factory or image default passwords
- Control access to privileged accounts using a central management portal
Three Components of the Password Reset Process
Configuring the password reset process involves three basic components:
- Password Reset Formula
- Password Reset Policy
- Password Reset Strategy
The password reset formula defines the strength of the password: its length, the requirement to include certain character classes (such as a digit, upper or lower case letters, or special characters), limits on reusing passwords from the history, and a few other settings. Record types (such as all Unix or Windows host records) define a generic, reusable password reset formula for every record of that type, and each individual record may override the formula settings.
The password reset policy specifies when the system has to reset the password. The options include a periodic reset (driven by the number of days or weeks until the next reset) and event-driven resets, such as a requirement to reset the password after the record is created or updated, or after a user unlocks the password. The policy also lets the record owner trigger a reset on demand. To keep configuration simple, the system applies the same policy to all records in the same folder, and the policy can be overridden for an individual record or a subfolder.
The password reset strategy dictates which software algorithm is used to perform the reset. The options include a direct remote connection through the device's remoting API and a GUI-based console login. The strategy can also use a shadow account to reset the password of an account that cannot change its own password, or run a custom PowerShell, Visual Basic or shell script to perform the reset. As with the password reset formula, a default strategy can be defined for all records of a given record type and overridden for an individual record.
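As an added illustration (not Xton's own code), the formula and policy components described above can be modelled in a few lines of Python: the formula is checked and satisfied with a CSPRNG-generated password, and the policy is evaluated for periodic and event-driven triggers with folder inheritance. The class names, field names and event names ("create", "update", "unlock") are assumptions chosen for the example.

```python
import secrets
import string
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass
class Formula:
    """Password reset formula: strength rules a new password must satisfy (assumed fields)."""
    length: int = 20
    classes: int = 4      # how many of digit/upper/lower/special must appear
    history: int = 5      # most recent previous passwords that must not be reused

def violations(pw: str, f: Formula, previous: List[str]) -> List[str]:
    """Return the formula rules a candidate breaks (empty list means accepted)."""
    present = sum(any(t(c) for c in pw) for t in
                  (str.isdigit, str.isupper, str.islower, lambda c: c in string.punctuation))
    checks = [("length", len(pw) >= f.length),
              ("classes", present >= f.classes),
              ("history", pw not in previous[-f.history:] if f.history else True)]
    return [name for name, ok in checks if not ok]

def generate(f: Formula, previous: List[str]) -> str:
    """Draw candidates from a CSPRNG until one satisfies the formula."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(f.length))
        if not violations(pw, f, previous):
            return pw

@dataclass
class Policy:
    """Password reset policy: when the system must trigger a reset (assumed fields)."""
    period_days: Optional[int] = 30   # None disables periodic resets
    on_create: bool = True
    on_update: bool = False
    on_unlock: bool = True            # reset after a user unlocks (views) the password

def needs_reset(p: Policy, last_reset: datetime, now: datetime,
                event: Optional[str] = None) -> bool:
    """Decide whether a record is due for a reset at `now`, given an optional event."""
    triggered = {"create": p.on_create, "update": p.on_update, "unlock": p.on_unlock}
    if event is not None and triggered.get(event, False):
        return True
    return p.period_days is not None and now - last_reset >= timedelta(days=p.period_days)

def effective(folder: Policy, record: Optional[Policy] = None) -> Policy:
    """A record inherits its folder's policy unless it carries its own override."""
    return record if record is not None else folder
```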
Watch the video demonstration below to see how the password reset formula, policy and strategy work together to secure the privileged accounts in the network.
Xton Access Manager is an agentless, cross-platform privileged access management solution with an unlimited licensing model, built from the ground up with an enterprise feature set. Simple to implement, without the typical enterprise cost and effort.
Please fill out this form to receive a download link and get started today with a free 60-day trial. Documentation is available to help. You can email or call us to request a trial extension, ask questions and share your feedback. We would love to talk to you.