News Stay informed about the latest enterprise technology news and product updates.

Password security issues show case for privileged identity management

Password-based authentication has always been a hallmark of enterprise security strategy, but in recent years password security issues have proven to be one of the biggest contributors to security compromises and often serious data breaches.

"The ability [of attackers] to capture usernames and passwords is epidemic," said Philip Lieberman, founder and chief executive officer of Los Angeles-based Lieberman Software Inc., "and it's hard to protect a large organization, or even a medium-sized one, from this type of problem."

In this video, recorded at the 2014 RSA Conference, Lieberman discussed how privileged identity management technology is evolving to help organizations compensate for the risk of password theft.

Specifically, Lieberman said privileged identity management systems add emerging authentication controls like workflow-based authorization processes that avoid mass access request harvesting in favor of a streamlined system that makes business owners accountable for access approvals.

Lieberman encouraged enterprises to consider more alternatives to traditional password-based security mechanisms, not only privileged identity management but also multifactor authentication, contextual authentication and one-time passwords.

View All Videos

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

I agree, technologies such as this are great for resolving password issues. That said, one can also mitigate password weaknesses by simply setting strong policies, educating users, and then actually enforcing those policies across the board - no ifs, buts, or exemptions. Strong passwords/passphrases on ALL systems, devices, and applications, period. I've never come across such an environment...
With various IT security studies showing anywhere from 80% to 100% of advanced attacks exploiting privileged acct credentials, it's mind boggling to think how many organizations are still relying on basic username and pw's to protect their most sensitive assets. Enforcing pw policies and pw vaults are simply not enough. Comprehensive privileged access control solutions are a lot like how Sherlock Holmes would investigate a crime; by gathering information based on who, what, where, when, and how of a situation. In privileged access this means, "who" wants access username/pw), "what" machine are they using to gain access (laptop, workstation), "where" do they want access from (IP Address), "when" they want access (date/time) and "how" do they want to gain that access (SSH Access Route). Alongside a rigorous pw management process, organizations can mitigate risks associated with their privileged accounts significantly. It is an approach that seeks to manage identities , not just a username and a p/w. Identities management has become the new security perimeter, where no one is named "root". Ever.