Password Management

By Greg Keller Posted March 27, 2019


Password management is often thought of from only one angle: an end user's ability to manage the various passwords they have for Web services, devices, and other applications. There are many password managers out there to help end users manage their passwords.

But there is also another side to password management: the IT side. IT admins, too, have to manage passwords for end users. While IT admins sometimes must set the passwords (they're generally set by their end users), they are responsible for defining the types of passwords that are acceptable and for housing them on their systems.

Their concerns are two-fold: ensuring that each individual password is strong and that, collectively, their password storage mechanism is safe. JumpCloud® Directory-as-a-Service® supports both initiatives. 

Better Password Management through Directory-as-a-Service

Let's step back for a second. Directory-as-a-Service (DaaS) is a cloud-based, SaaS offering for directory services. DaaS connects users to the IT resources they need. Those IT resources could be applications, systems, files, servers, or networks.

Control Over Password Complexity and Rotation

As part of JumpCloud’s directory services, IT admins have the capability to enforce strong password controls. This satisfies the first requirement that IT admins have for password management. 

JumpCloud's password complexity controls let IT admins define minimum attributes for passwords, including length and character types. Additionally, IT admins can specify how recently used a password can be and still be re-used, the password rotation duration, and the number of failed attempts. All of these capabilities help IT admins tightly manage each password's level of strength.

Ultimately, it comes down to the compliance regulations or organizational controls you want to put in place. If you’re looking to follow the NIST 800-63 password guidelines, for example, you would have your users use a long password sentence or phrase and never change the password unless a bad actor compromises it. If you are subject to other controls, such as PCI, you may need to have a different set of password complexity requirements. No matter the password policies you seek to implement, JumpCloud can help you reach those goals. 

Enable MFA Across Your Resources to Step-up Security

To kick your security up another notch, consider implementing MFA across as many resources as you can. This is an extra, preventative measure that can help you find peace of mind in an area where there can be a lot of uncertainty. Implementing MFA protects your sensitive company data from hackers because it requires two different forms of authentication. It simply is not enough to have just the password — no matter its length or complexity. 

Secure Password Storage

The other area that concerns IT admins is password storage. JumpCloud stores passwords securely, only after they have been salted and one-way hashed. This provides a significant step-up in security.

Additionally, JumpCloud does not store passwords in a format that can be read by anybody else – not even JumpCloud. When a user enters their password, a secure process is used to check whether the two passwords match. 

By combining strong passwords with secure password storage, IT admins have both sides of password management covered.

DaaS and You

If you would like to learn more about how IT admins can manage their password infrastructure, drop us a line.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
