At Least 23 Passwords That You Should Include In a Password Inventory
When you get ready to roll out a password management system, it's easy to think about the complications that might arise in the implementation phase and the ongoing maintenance phase. In my experience, any issues that arise can easily be remedied through a little technical know-how, some creative thinking, and stellar support from your password management vendor.
In reality, the most time-intensive phase is planning. In this phase you are performing a password inventory, setting up role-based access controls, choosing an infrastructure provider (personally, I'm a big fan of Microsoft Azure), and mapping out the implementation.
That first task, taking a password inventory, is incredibly important. You need to track down descriptions, usernames, passwords, and more for every system that you use. I find that this step is often the most neglected, as MSPs simply don't realize the sheer number of passwords that they come into contact with on a daily basis.
As a result, some passwords fall through the cracks. This results in either a lot of annoyances later, or even a password-related disaster in some instances. Below you'll find a list of 23 passwords that you should be including in your password inventory. This is not an exhaustive list: it simply gives you a solid starting point to build from.
- Firewalls and VPN concentrators
- Network devices like routers and managed switches
- Wireless Access Points
- Printers, scanners and photocopiers
- Network attached embedded devices like video surveillance systems
- Remote management cards like HP iLO, Dell DRAC and generic IPMI interfaces
- Local administrator credentials in Windows
- Domain admin credentials in Windows
- SYSKEY passwords for domain controllers
- ADRM passwords for domain controllers
- Service accounts in Windows
- Scheduled tasks in Windows
- Root credentials in Linux and OS X
- Passwords for websites for SSL certs, domain registration and DNS, online backup, etc.
- Passwords for on-premise backup encryption
- Master passwords for anti-spam, antivirus and intrusion prevention systems
- Power-on passwords for critical systems
- BIOS supervisor passwords
- Hard disk encryption passwords (BitLocker, TrueCrypt etc.)
- Database passwords (e.g. SA, mySqlAdmin etc.)
- Website and blog admin passwords (e.g. WordPress, Bluehost etc.)
- Software admin passwords (CRM, PSA, RMM, Online collaboration, etc.)
- Shared company social media accounts (Twitter, Facebook, LinkedIn etc.)