A compromised password, especially without other security controls in place, is one of the largest risks an organization carries. Some of the biggest breaches have started with compromised credentials at companies with low password management maturity. Our password management maturity model helps you understand your own maturity level and the next steps toward higher levels.
Passwords are among the easiest ways into a company's network, and many companies never reach higher than mid-maturity on the Password Management Maturity Model. In companies whose overall cybersecurity maturity is low, a password alone is all an attacker needs to reach everything. With no secure remote access or security zones to speak of, your easiest vulnerability to exploit is also your most damaging.
OT is uniquely challenged by aging equipment that was never designed for the connected environment it now sits in. Those assets often accept only simple passwords, with limited options to add length or complexity, and sometimes a single default password is used across an entire fleet of devices. This leaves many critical assets as an easy point of entry.
IT has its own challenges. Passwords remain unchanged for years, are often reused across applications or devices, and nothing beyond the password itself authenticates the user. A lack of documentation means accounts slip through the cracks, and the vulnerability is lost in the noise.
What is a Password Management Maturity Model?
Our Password Management Maturity Model acts as a general guide to understanding your current maturity level and as an outline for attaining higher levels of password management maturity. It covers both the practices and the tooling needed to reach each level and is broken into five distinct maturity levels beyond the starting point.
Each level builds on the last, layering in additional controls that reduce the damage a compromised password can do or prevent a password from being compromised in the first place. Some elements of the maturity model, such as scheduled password rotation of shared privileged accounts, also make compliance requirements easier to manage.
Password Management Maturity Model Stages
PWM Maturity Level 0
At level 0 in the password management maturity model, you are highly vulnerable to attacks. There is no official structure to managing passwords and nothing is done to mitigate risks caused by poor password management hygiene.
This is compounded by other challenges, particularly in OT and industrial control systems. Aging technology whose password requirements are limited to a few characters, or to upper-case letters only, leaves a keyspace small enough to be cracked in minutes.
Worse, many devices have only a handful of usernames, or a single account per device, so everyone who needs access knows the same password. Understanding who accessed the asset and when is impossible. Contractors or terminated employees who still hold that shared password add further risk.
There is no password rotation at this level, no complexity or length requirement, and often the passwords are the vendor defaults across all devices. You are at your most vulnerable here.
PWM Maturity Level 1
Much like level 0, at level 1 many of your vulnerabilities remain, but some discipline starts to appear. Non-default passwords are now in use; however, with no password rules they are still easily cracked.
There is still little documentation of passwords and no rotation: passwords are set once and left in place. Everyone still shares the same password for the same endpoint, so your insight into who is doing what on your network remains extremely limited.
PWM Maturity Level 2
At this level in the password management maturity model you start tracking things. Passwords are now recorded in documents, often kept by several different individuals. Nothing is centralized yet, but this foundation sets the path toward it.
Updating passwords remains a manual process. Passwords may no longer be identical across all your sites, but within a site they are still shared.
Password rotation is still not formalized at this level.
PWM Maturity Level 3
Level 3 builds on the foundation established in level 2. Passwords are now centralized and consolidated into one location. They are not yet vaulted; they still live in a document used to keep track of them.
Your processes to update and change passwords also remain manual, but at this level you are now rotating passwords on a defined schedule.
PWM Maturity Level 4
Level 4 in the password management maturity model introduces more advanced methods to manage your password security. Password vaults now manage all passwords, and multi-factor authentication verifies users beyond the password alone.
Your policies match current standards such as NIST SP 800-63B. Note that SP 800-63B advises against forcing users to change memorized secrets on a fixed schedule, requiring a change only when there is evidence of compromise, and it favours long passphrases checked against breached-password lists over composition rules. The rotation in this model applies to shared and privileged credentials that pass through a vault, where rotation limits how long a checked-out secret stays valid.
At this level you also have password checkout for users: the vault records who checked out a password and when, and the password is rotated when the checkout ends.
You have resolved many of the challenges and vulnerabilities present at the lower levels of the maturity model; however, many of these processes are still performed manually, leaving gaps.
PWM Maturity Level 5
At the final level of the maturity model you have closed the remaining gaps caused by manual work. Password management is now fully automated and hands-off: your tooling changes the password on the device and updates the vault for you.
No one knows or shares passwords, and all password changes happen without the user ever seeing the credential.
Here you also follow current guidance for password strength: long passwords or passphrases well beyond the minimum length, checked against breached-password lists, with rotation of shared and privileged credentials on a schedule and immediately whenever compromise is suspected.
You have removed much of the human element that left you open to insider misuse, manual mistakes, and lag between a required security change and its enforcement.
You have insight into who is accessing passwords, you verify users with a second factor rather than the password alone, and your password policies are enforced at the level current standards recommend.
Path to Achieving Password Management Maturity
As with our Secure Remote Access Maturity Model, many organizations struggle to reach the higher levels of the PWM maturity model. The lower levels leave large gaps in your network that let an attacker in with nothing more than a password.
Given these vulnerabilities and the increasing sophistication of attacks, particularly ransomware, it is imperative to raise your cybersecurity maturity. ConsoleWorks helps you enforce higher levels of password management maturity.
From one centralized location, a user can schedule automatic password changes and set reset-date warnings to meet compliance standards. ConsoleWorks can recover or change a password, or securely export all passwords.
Further, ConsoleWorks enforces multi-factor verification and secure remote access, alongside monitoring of your endpoints, to support a Zero Trust framework and terminate connections before they can do real damage. Talk to us about your password management needs to achieve the highest maturity level possible and prevent attacks on your environment.