I'm looking for advice on how to audit the usage of plain text passwords that are stored in my environment, which is a hybrid setup. What tools or methods do you recommend for this task? Thanks in advance!
4 Answers
Most Data Security Posture Management tools (DSPMs) should be able to help with this. We use Varonis, and it has a solid out-of-the-box rule for scanning passwords and identifying other sensitive data. Just a heads up though, it can be quite pricey!
We use Huntress for our endpoint detection and response (EDR). It actually notifies me whenever a user opens a document that contains passwords, which is a neat feature we didn’t expect when purchasing the tool. I'd recommend checking it out if you're looking for a way to monitor password usage.
You can also try searching for keywords like "password", "pw", or "credentials". Unless you have a specific pattern for your passwords, searching for actual passwords can return a lot of unrelated info.
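The keyword search suggested in the answer above, as an added example that is not part of the original thread: a Python scanner that walks a directory tree for those three keywords and masks whatever follows them, so the audit report does not itself become a store of plaintext passwords. The function names, the 5 MiB size limit and the plural keyword forms are assumptions of this example.

```python
import os
import re
import sys

# Keywords from the answer above (plural forms added as an assumption).
# Matched as whole tokens, so "pwd" does not hit on "pw" but "db_password" does.
KEYWORDS = re.compile(
    r"(?<![A-Za-z0-9])(passwords?|pw|credentials?)(?![A-Za-z0-9])", re.I)
# A value assigned after the keyword, e.g. "password = ..." or "pw: ..."
VALUE = re.compile(r"\s*[:=]\s*(\S.*)")
MAX_BYTES = 5 * 1024 * 1024  # assumption: skip files larger than 5 MiB


def scan_text(text, source):
    """Return findings as (source, line_no, keyword, redacted_line)."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = KEYWORDS.search(line)
        if not m:
            continue
        v = VALUE.match(line, m.end())
        if v:
            # Mask everything after the separator; values may contain spaces.
            line = line[:v.start(1)] + "*" * 8
        findings.append((source, line_no, m.group(1).lower(), line.strip()))
    return findings


def scan_tree(root):
    """Walk root, scanning text-like files; skip binary, huge or unreadable ones."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue
            if b"\x00" in data[:4096]:
                continue  # NUL byte near the start: treat as binary
            findings += scan_text(data.decode("utf-8", "replace"), path)
    return findings


if __name__ == "__main__":
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("%s:%d [%s] %s" % hit)
```

Hits are leads for manual review, not confirmed passwords; office documents and other binary formats are skipped here and need a tool that can parse them.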
If you want to make sure there are no physical notes around, just walk through the office and check behind keyboards for any post-it notes with passwords. Just kidding, I realize you meant on the systems!
