Tuesday 9 February 2016

5 tips to protect your admin credentials

Credentials are the main battlefront in our ongoing computer security war. Deploy everything you have to keep them safe.

Protecting elevated authentication credentials is one of the best defense-in-depth strategies any company can deploy.
In today’s pass-the-hash, pass-the-Kerberos-token, steal-any-credentials world, preventing credentials from falling into the wrong hands can be the entire battle. Identity is security. If an identity and its authentication credentials get into the wrong hands, often enough, it’s game over. 
For decades we’ve told people not to stay logged in as admin or root all the time. Instead, they should have two accounts: one for regular user duties (email, browsing the Web, and so on) and another, elevated one for administrative duties.
That’s the old way of thinking. Today’s advice includes using just-in-time credentials, two-factor authentication, and least-privilege delegation.