Local Admin Passwords

Domien
Domien
edited July 2020 in The Scuttlebutt

Hi Everyone,

We all know best practices tell us that passwords should never be reused. And especially not local administrator passwords for servers or even end user devices.

But reality is usually quite different from theory:

Having a unique password per end user device becomes quite the ordeal to manage and will definitely result in some problems down the line. Not to mention it greatly interferes with vulnerability scan servers that login to each machine and poll what settings or software is in place.

What's the realistic best practice around local admin passwords for end user devices and servers? (for both windows, linux and MacOS)


Kind regards, Dom

Comments

  • Wow, @Domien - this is a really great Q! Like Cheryl said, we literally were talking about this with the Tugboat Labs team about three weeks ago. Were your ears burning by any chance? 😉;)

    In my exp for end-user devices, setting everyone up in your org with a password manager such as 1Password and Dashlane is the way to go. Re: servers, I don't know, so I recommend you talk to @Scott (Tugboat's kickass VP of Eng) given his decades of exp scaling security at different orgs.

    Or, if you want more "how to set it up for servers" tips, hit up @Harpreet, @Chika, and or @Jose - Harpreet and Jose have worked with hundreds of companies during their decades at PwC, and Chika would know firsthand from her time being an auditor for several banks.

    I can't emphasize enough how much Scott, Harpreet, Chika, and Jose are all fantastically knowledgeable about this topic (and pretty much all things security and compliance) - ping them 😁:) They def don't bite lol.

  • PS @Domien - Check out what @Cheryl mentioned re: Control of the Week #6 - Security Controls, Explained: Administrative Access.

    Control of the Week #7 on Password Control is being published later today Thu 7/16.


Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!