A few years back when I worked as a security system integrator, I faced a real struggle managing a ton of passwords that needed regular resets—weekly, monthly, or quarterly. Most password managers out there don't handle the reset part effectively. So I was pondering if a password manager with specific features like reminders for rotation, a history of previous passwords, and a calendar view could actually assist sysadmins. Do you think this approach would still be beneficial, or is it outdated with the rise of single sign-on (SSO) and passwordless options? Also, does anything like this already exist?
5 Answers
Consider what specifics you need to rotate. For everyday logins, using modern SSO with MFA tends to be more efficient than constant password rotations. For service or local accounts, tools like LAPS and Cyberark’s password vault can handle rotations and vaulting effectively. There are a bunch of good options depending on your setup!
Some password managers do help with resets if you're willing to invest a bit more. For example, Keeper Privileged Access Management has features for password rotation that could be beneficial for what you're suggesting.
There’s been a shift in password management best practices recently. NIST has moved away from routine password rotations unless there's a compromise. They now focus on password length and complexity, requiring at least 8 characters—with 15 being recommended. So, while your idea of password managers helping with rotation reminders and history sounds nice, you should also consider using multi-factor authentication (MFA) alongside longer passphrases for enhanced security. If you're moving away from frequent changes, follow up on training users about strong password practices!
Thanks for clarifying that! I should have mentioned MFA—I should definitely look into incorporating that more.
Most modern password managers can integrate with SSO systems and handle credential rotations automatically. So it might not be as complex as you think! Something like 1Password can manage and rotate credentials efficiently on PCs and servers without needing extra tools. It’s worth checking out those capabilities before diving into custom solutions!
Really? I wouldn't have guessed that! I thought integrating SSO meant more hassle with other tools.
That’s good to know! I definitely need to explore that further.
In my old job, we had to rotate service account passwords and we used Thycotic’s Secret Server for that—now known as Delinea. So yes, there are existing tools that address the need for secure password rotations. Again, it’s about determining what fits your needs best!
I'll have to check that out, thanks!
Appreciate the tip on that tool!
Exactly! It's cool to have reminders and history, but if passwords are strong enough, you might not need those frequent resets like before.