Controlling passwords and enforcing rules to help them be stronger is a critical part of any IT organization’s job. Passwords are the keys to the digital kingdom, and as we know they are being hacked and compromised at unprecedented rates. With this heightened need for security, the protection that a password management platform can provide is paramount. As IT admins think about the next generation of identity management, one item on their mind is if a virtual password management platform can protect their credentials from hackers.
Old Password Security
As the IT infrastructure became networked in the late 1990s and extended to the Internet, the concept of securing user identities became much more important. IT admins wanted to make sure that their networks were secure and their users wouldn’t be compromised.
Of course, at the time, identity security was not nearly as much of a focus or as critical as it is now. Nobody really focused on strong, complex passwords or multi-factor authentication. Compromises of identities were rare. Also, a single password on the Windows device would get the person access to just about everything that they needed on the network. Web applications were still few and far between and cloud infrastructure was barely a glimmer in the IT admin’s eye.
Since the turn of the century, password management at the enterprise level has been controlled by Microsoft Active Directory®, which for many years was effectively a monopoly in the directory services space. As the IT landscape changed with web applications, cloud infrastructure, new platforms such as macOS and Linux, WiFi, and much more, Active Directory started to control much less of a user’s account. IT had less control over password security and management. As a result, the risks for IT started to increase. Users started to have simpler passwords because they had so many accounts, and password reuse was popular. Password managers started to appear to help address this problem, but they only exacerbated the problem with sharing of passwords and less control over accounts from IT. The situation has become way too risky for many admins.
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Jon Griffin. Read the original post at: https://jumpcloud.com/blog/virtual-password-management/