By Natalie Bluhm Posted August 28, 2017
In the world of IT, password management is being able to manage user passwords from one centralized location. Managing passwords includes enforcing password complexity, password rotation, and ensuring users are following best practices for password security. Weak password management in an organization is a significant security risk because passwords play a serious role in protecting your digital kingdom.
Password management used to be pretty simple, but increasingly sophisticated hacking and phishing tactics, along with some major changes in the IT landscape have forced IT to adapt how they manage users and their passwords.
Password Management in the Past
As computers started to be more widely used, a perfect sequence of technological advancements in the late 1990’s allowed Microsoft to form a formidable monopoly in the enterprise market. Nearly all IT environments in this time period were on-prem and consisted of Windows systems. For this environment, Microsoft Active Directory® was an effective tool for managing users and their passwords. It was a much simpler time. Users were mainly using their Windows systems to work in Microsoft Office.
This on-prem, Microsoft ecosystem made it possible for end users to only have one password to remember. An employee could simply login to their system with one password and gain access to all of their resources. IT was able to effectively manage all of their end users’ passwords, and maintain centralized control over their environment. Because of how well this ecosystem worked, Active Directory and other Microsoft resources were utilized in most IT environments.
Changes in Technology affected Password Management
Then, IT environments significantly changed: infrastructure moved to the cloud, applications moved to the web, and users moved on to using Mac and Linux systems. The result was dramatically improved workflows and cost-savings – but it came at a cost: each of these online resources required its own password to access. Gone were the days of logging on to your computer and never logging into another resource all day.
For a number of reasons, Active Directory was slow to adapt. Obviously, Microsoft wanted to hold onto their monopoly, and so they had an incentive to make it challenging to connect these new, non-Microsoft resources to Active Directory.
IT was not able to simply extend AD identities to these new resources, so end users created a plethora of identities to connect to their web-based apps, cloud servers, and non-Windows systems. Ideally users would have a separate, secure password for each identity, but remembering 10+ complex passwords is not easy. This resulted in users reusing passwords or creating really simple ones that were easy to remember but also easy to crack.
Users were able to get away with this because legacy directory services, like AD, didn’t grant IT admins full visibility and control over their environment. Admins didn’t know that passwords were being re-used and they couldn’t enforce policies that would enforce adequate password requirements. This trickled down into having poor password management – which has resulted in a steady stream of high-profile breaches featuring compromised credentials.
DaaS – A Modern Password Management Solution
IT admins prefer to have as much control as they can over users’ passwords. Proper password management allows IT admins to enforce users to meet minimum password requirements that include password length, complexity, and rotation. So how does IT manage the 10+ passwords each user might have? By switching to Directory-as-a-Service® (DaaS).
With our modern, cloud-based directory, IT can start leveraging centralized password management. With DaaS, IT can enforce password complexity, length, and rotation. Additionally, our multi-protocol approach allows users to access all of the IT resources they need with one identity, one password. With one identity, users can gain access to their Mac, Windows, and Linux systems, legacy and web-based apps (LDAP and SAML), WiFi (RADIUS), and data stored in the cloud or on-prem.
If you’d like to learn more about how you can start properly managing passwords in your environment, drop us a note. You are also more than welcome to start testing our virtual identity provider by signing up for a free account. Your first ten users are free forever.