22:
229:
is a privileged login account. On
Windows, the equivalent is Administrator. On SQL databases, the equivalent is sa. In general, most operating systems, databases, applications and network devices include an administrative login, used to install software, configure the system, manage users, apply
204:
is a type of password management used to secure the passwords for login IDs that have elevated security privileges. This is most often done by periodically changing every such password to a new, random value. Since users and automated software processes need these passwords to function, privileged
247:
Often, one application needs to be able to connect to another, to access a service. A common example of this pattern is when a web application must log into a database to retrieve some information. These inter-application connections normally require a login ID and password and this password.
238:
On the
Windows operating system, service programs execute in the context of either system (very privileged but has no password) or of a user account. When services run as a non-system user, the service control manager must provide a login ID and password to run the service program so service
186:
software intercepts user access to web applications and either inserts authentication information into the HTTP(S) stream or redirects the user to a separate page, where the user is authenticated and directed back to the original
205:
password management systems must also store these passwords and provide various mechanisms to disclose these passwords in a secure and appropriate manner. Privileged password management is related to
239:
accounts have passwords. On Unix and Linux systems, init and inetd can launch service programs as non-privileged users without knowing their passwords so services do not normally have passwords.
230:
patches, etc. On some systems, different privileged functions are assigned to different users, which means that there are more privileged login accounts, but each of them is less powerful.
172:
software enables users who forgot their password or triggered an intruder lockout to authenticate using another mechanism and resolve their own problem, without calling an IT help desk.
166:
software is used by organizations to arrange for different passwords, on different systems, to have the same value when they belong to the same person.
43:
147:
software is used by individuals to organize and encrypt many personal passwords using a single login. This often involves the use of an
113:
94:
364:
66:
206:
47:
73:
374:
169:
80:
369:
329:
62:
163:
32:
51:
36:
179:
software monitors applications launched by a user and automatically populates login IDs and passwords.
314:
Replicated storage to ensure that hardware failure or a site disaster does not lead to loss of data.
127:
269:
Providing mechanisms to disclose these passwords to various types of participants in the system:
87:
334:
324:
144:
339:
311:
Access controls and authorization to decide whether password disclosure is appropriate.
148:
190:
Privileged password management (used to secure access to shared, privileged accounts).
133:
There are several forms of software used to help users or organizations better manage
358:
183:
176:
217:
There are three main types of privileged passwords. They are used to authenticate:
21:
344:
266:
Protecting the stored values (e.g., using encryption and replicated storage).
226:
289:
A privileged password management system requires extensive infrastructure:
275:
Programs that launch services (e.g., service control manager on
Windows).
256:
A privileged password management system secures privileged passwords by:
134:
299:
Mechanism to update various participants with new password values.
308:
Authentication for parties that wish to retrieve password values.
15:
126:
For information about resetting your
Knowledge password, see
260:
Periodically changing each password to a new random value.
160:
Intended for use by a multiple users/groups of users:
278:
Applications that must connect to other applications.
151:as well. Password managers are also referred to as
8:
50:. Unsourced material may be challenged and
293:A mechanism to schedule password changes.
243:Connections by one application to another
114:Learn how and when to remove this message
296:Connectors to various kinds of systems.
7:
48:adding citations to reliable sources
141:Intended for use by a single user:
14:
213:Examples of privileged passwords
20:
225:On Unix and Linux systems, the
207:privileged identity management
202:Privileged password management
197:Privileged password management
1:
252:Securing privileged passwords
221:Local administrator accounts
170:Self-service password reset
391:
125:
330:List of password managers
164:Password synchronization
365:Password authentication
285:Required infrastructure
263:Storing these values.
63:"Password management"
44:improve this article
375:Identity management
302:Extensive auditing.
128:Help:Reset password
305:Encrypted storage.
272:IT administrators.
370:Password managers
124:
123:
116:
98:
382:
335:Password fatigue
325:Password manager
234:Service accounts
153:password wallets
145:Password manager
119:
112:
108:
105:
99:
97:
56:
24:
16:
390:
389:
385:
384:
383:
381:
380:
379:
355:
354:
353:
321:
287:
254:
245:
236:
223:
215:
199:
131:
120:
109:
103:
100:
57:
55:
41:
25:
12:
11:
5:
388:
386:
378:
377:
372:
367:
357:
356:
352:
349:
348:
347:
342:
340:Security token
337:
332:
327:
320:
317:
316:
315:
312:
309:
306:
303:
300:
297:
294:
286:
283:
282:
281:
280:
279:
276:
273:
267:
264:
261:
253:
250:
244:
241:
235:
232:
222:
219:
214:
211:
198:
195:
194:
193:
192:
191:
188:
180:
173:
167:
158:
157:
156:
149:encryption key
122:
121:
28:
26:
19:
13:
10:
9:
6:
4:
3:
2:
387:
376:
373:
371:
368:
366:
363:
362:
360:
350:
346:
343:
341:
338:
336:
333:
331:
328:
326:
323:
322:
318:
313:
310:
307:
304:
301:
298:
295:
292:
291:
290:
284:
277:
274:
271:
270:
268:
265:
262:
259:
258:
257:
251:
249:
242:
240:
233:
231:
228:
220:
218:
212:
210:
208:
203:
196:
189:
185:
184:single signon
181:
178:
177:Single signon
174:
171:
168:
165:
162:
161:
159:
154:
150:
146:
143:
142:
140:
139:
138:
136:
129:
118:
115:
107:
96:
93:
89:
86:
82:
79:
75:
72:
68:
65: –
64:
60:
59:Find sources:
53:
49:
45:
39:
38:
34:
29:This article
27:
23:
18:
17:
288:
255:
246:
237:
224:
216:
201:
200:
152:
132:
110:
101:
91:
84:
77:
70:
58:
42:Please help
30:
175:Enterprise
359:Categories
351:References
345:Smart card
104:April 2023
74:newspapers
227:root user
135:passwords
31:does not
319:See also
88:scholar
52:removed
37:sources
90:
83:
76:
69:
61:
95:JSTOR
81:books
187:URL.
182:Web
67:news
35:any
33:cite
46:by
361::
209:.
137::
155:.
130:.
117:)
111:(
106:)
102:(
92:·
85:·
78:·
71:·
54:.
40:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.