Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

PAM Security Video Series Part 1: Are Passwords Dead?

Written by Thycotic Team

June 23rd, 2015

In this video blog series, IT security experts explain why compromised privileged credentials are at the heart of most large-scale cyber-attacks, and how privileged account management can help IT teams mitigate a host of security and compliance issues.

Part 1 | Part 2 | Part 3 | Part 4

The series starts by debunking the common information security myth – passwords are dead! Information security professionals and end-users alike question the security and lifespan of the password. Hear from information security expert, Dave Shackleford, on why privileged account passwords are here to stay for the foreseeable future and how privileged account management can protect you, not only against insider threats, but also against constant external threats on your network.

Myth: Passwords are dead! The password will soon be replaced by biometrics, so I don’t need to invest in privileged account management

“You’ll sometimes hear people say that passwords are dead and usually what they are referring to is the end-user password, and they are trying to get people away from passwords altogether using some other method for gaining access to resources. But what a lot of people don’t realize when they say that, whether they are right or not, is that passwords are in use in many more places than just end-user access to assets and resources. Passwords are in use as service accounts, as scripts, and for system-to-system communication and system–to-application communication, and probably will be for the foreseeable future.  That’s not going to go away; it’s not a problem that we are going to solve quickly. So people really have to look at strategies to control and better secure those types of accounts, just as much as you would look to secure end-user accounts as well.”

Myth: Privileged account management only matters for protecting against insider threats

“We’ve realized that the attackers are smart. They’re using a variety of mechanisms to get inside the organization, getting that one gap in the armor, whatever your perimeter security strategy is they’re finding a way in and taking advantage of flaws to act like trusted insiders. So the idea of a trusted insider going rogue on you or somebody going bad—that may or may not be your biggest issue, but it’s really irrelevant because if you don’t have good privileged account management the attackers will simply take that role and start acting as though they are a trusted user.”


Like this post?

Get our top blog posts delivered to your inbox once a month.