By Greg Keller Posted March 27, 2019
Password management is often thought of from only one side: an end user's ability to manage the various passwords they have for Web services, devices, and other applications. There are many password managers out there to help end users manage their passwords.
But there is another side to password management: the IT side. IT admins also have to manage passwords for end users. Although passwords are generally set by the end users themselves (IT admins only sometimes have to set them), IT admins are responsible for managing the types of passwords that are acceptable and for housing them on their systems.
Their concerns are two-fold: ensuring that each individual password is strong and that, collectively, their password storage mechanism is safe. JumpCloud® Directory-as-a-Service® supports both initiatives.
Better Password Management through Directory-as-a-Service
Let's step back for a second. Directory-as-a-Service (DaaS) is a cloud-based, SaaS offering for directory services. DaaS connects users to the IT resources they need. Those IT resources could be applications, systems, files, servers, or networks.
Control Over Password Complexity and Rotation
As part of JumpCloud’s directory services, IT admins have the capability to enforce strong password controls. This satisfies the first requirement that IT admins have for password management.
JumpCloud's password complexity controls let IT admins define minimum attributes for passwords, including length and character types. Additionally, IT admins can specify the most recent password that can be re-used, the password rotation duration, and the number of failed attempts. All of these capabilities help IT admins tightly manage each password's level of strength.
Ultimately, it comes down to the compliance regulations or organizational controls you want to put in place. If you’re looking to follow the NIST 800-63 password guidelines, for example, you would have your users use a long password sentence or phrase and never change the password unless a bad actor compromises it. If you are subject to other controls, such as PCI, you may need to have a different set of password complexity requirements. No matter the password policies you seek to implement, JumpCloud can help you reach those goals.
Enable MFA Across Your Resources to Step-up Security
To kick your security up another notch, consider implementing MFA across as many resources as you can. This is an extra, preventative measure that can help you find peace of mind in an area where there can be a lot of uncertainty. Implementing MFA protects your sensitive company data from hackers because it requires two different forms of authentication. It simply is not enough to have just the password — no matter its length or complexity.
Secure Password Storage
The other area that concerns IT admins is password storage. JumpCloud securely stores passwords only after they have been salted and one-way hashed. This provides a significant step-up in security.
Additionally, JumpCloud does not store passwords in a format that can be read by anybody else – not even JumpCloud. When a user enters their password, a secure process is used to check whether the two passwords match.
By combining strong passwords with secure password storage, IT admins have both sides of password management covered.
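The two sides described above, as an added Python example that is not JumpCloud's code: a salted one-way hash with constant-time verification, plus a minimum-length and reuse check run against the stored hashes. The choice of PBKDF2-HMAC-SHA256, the iteration count, the record format, the policy defaults, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 work factor, stored with each record


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'iterations$salt_hex$digest_hex'; the plaintext is never kept."""
    salt = secrets.token_bytes(16)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def change_password(new: str, history: list[str],
                    min_length: int = 12, remember: int = 3) -> list[str]:
    """Enforce length and reuse policy, then return the updated hash history."""
    if len(new) < min_length:
        raise ValueError("password shorter than policy minimum")
    # Reuse can only be detected by re-hashing the candidate with each old
    # salt, because the stored records cannot be reversed or compared directly.
    if any(verify_password(new, old) for old in history[-remember:]):
        raise ValueError("password matches a recently used one")
    return (history + [hash_password(new)])[-remember:]


if __name__ == "__main__":
    # Constructed sample passphrases, not real credentials.
    history = change_password("correct horse battery staple", [])
    print("stored record:", history[0])
    print("login ok:", verify_password("correct horse battery staple", history[0]))
    print("login bad:", verify_password("correct horse battery stapl3", history[0]))
    try:
        change_password("correct horse battery staple", history)
    except ValueError as err:
        print("rejected:", err)
```

Because each record carries its own salt, two users with the same password get different stored values, and a password-reuse policy has to re-hash the candidate against each remembered record rather than compare strings.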
DaaS and You
If you would like to learn more about how IT admins can manage their password infrastructure, drop us a line.