The Top 5 PAM Tasks IT Teams Must Automate Part 2: Changing Network Passwords

By Jordan True

Realizing that many privileged account passwords are not changed on a regular basis hackers can assume that the access they've managed to obtain will be available for a long period of time.

Automating Network Password Changing: A password that remains the same year in and year out is a hacker’s dream, and a breach waiting to happen. Fortunately, there are tools that can force users to change passwords after a set period of time, and can automate password changing to protect privileged accounts.

In this 5-part Thycotic educational series, we focus on five areas of Privileged Account Management where automation can be utilized to not only reduce the amount of work typically associated with certain IT tasks, but also to significantly improve the security posture of your organization:

Part 1: Account Discovery
You’re reading: Part 2: Changing Network Passwords
Part 3: Team Password Sharing
Part 4: SSH Key Management
Part 5: Compliance Reporting

Why automate at all? With data centers constantly expanding across multiple geographic locations, IT teams are increasing the physical and virtual servers they have to manage. Yet the resources that enable them to accomplish required tasks rarely keep pace with their demands. So it’s not surprising that automating repetitive, rote tasks is a key component of success for any IT Operations group. There are areas where automation efforts are often overlooked; especially for managing the accounts IT teams use every day: non-human privileged accounts and service/application accounts.

Why automate the Network Password Changing?

IT Operations teams often do not have time to change privileged account passwords manually without risking service interruptions. Hackers or malicious insiders know this and can take advantage of this vulnerability to compromise a privileged account and utilize it for nefarious purposes. Realizing that many privileged account passwords are not changed on a regular basis if at all, hackers can also reasonably assume that the access they’ve managed to obtain will be available for a long period of time.

Privileged, non-human accounts present an even greater challenge than human accounts, one which can only be solved by automating the process of changing passwords.

Even after you’ve discovered all your privileged accounts, there are typically too many of these accounts for any single person or even a single team to change manually. Once changed, your IT admins will need to find a way to share the password with each other, which is often done manually through insecure spreadsheets, text files or even sticky notes. Plus, if any of the privileged accounts are used to run scheduled tasks or services, they have to update all dependent services as quickly as possible to ensure there is no interruption in service or downtime for mission critical applications.

Fortunately, there are tools that can automate changing passwords to help protect privileged account access. Combined with automated privileged account discovery, these tools can identify where the accounts are located and then change their passwords on a scheduled basis. By automating the process, administrators can simultaneously update all areas where the credentials are used for services and applications, thus insuring that there is no application downtime or interruption of service for users.

By using software such as Thycotic Secret Server, the system administrator can assure that password rotation changes will actually occur without having to spend hundreds of hours manually changing them all one by one.

Plus, the IT Operations team will improve the security posture for these accounts to significantly lower risk while satisfying regulatory or internal compliance requirements.

Automated Password Change feature in Thycotic Secret Server:


Already securing privileged account access for more than 7,500 organizations worldwide, including Fortune 500 enterprises; Thycotic Secret Server is simply your best value for PAM protection.

Browser-stored passwords make it easy for hackers to get inside your network.

Our free Browser-Stored Password Discovery Tool finds those sneaky passwords

Source:: Thycotic