{"id":5280,"date":"2019-06-26T18:29:39","date_gmt":"2019-06-26T17:29:39","guid":{"rendered":"https:\/\/www.n-able.com\/?p=5280"},"modified":"2021-05-31T12:49:34","modified_gmt":"2021-05-31T11:49:34","slug":"why-every-msp-needs-password-manager","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager","title":{"rendered":"Why every MSP Needs a Password Manager"},"content":{"rendered":"<p>Managed services providers (MSPs) hold access credentials for hundreds of thousands of customer systems. These credentials are \u201ckeys to the kingdom\u201d and provide access at various levels to networks, devices, applications, and even data.<\/p>\n<p>Malicious actors understand the importance of the access granted to MSPs, and also recognize the value of obtaining multiple credentials in as few attacks as possible. MSPs and IT service providers in general may be an example of \u201cshoemaker\u2019s children\u201d\u2014although they are experts in recommending and implementing risk management strategies for their customers, they may not have looked after their own house.<\/p>\n<p>For attackers, this is a potential for a perfect storm: large volumes of credentials, concentrated in the hands of very few organizations with potentially poor risk management protection.<\/p>\n<p>In fact, <a class=\"ext\" href=\"http:\/\/www.crn.com\/news\/security\/hpe-ibm-among-the-msps-breached-by-chinese-hackers-report\" target=\"_blank\" rel=\"noopener noreferrer\">both HPE and IBM<\/a>, two of the world\u2019s largest MSPs, were breached last year in focused attacks. So this definitely isn\u2019t just an issue for smaller MSPs.<\/p>\n<h2 class=\"h3\"><b>Protecting credentials<\/b><\/h2>\n<p>How can you ensure your customers\u2019 credentials are protected? Let\u2019s start with a look at the types of password attacks that breach systems.<\/p>\n<p>Malicious actors use a variety of password-based attacks to gain access to systems.<\/p>\n<ul>\n<li><b>Password spraying<\/b> is an automated attack using <em>known email addresses <\/em>and a list of common passwords. It\u2019s a guessing game with a high-degree of success against weak passwords.<\/li>\n<li><b>Credential stuffing<\/b> is an automated attack using <em>known username\/password <\/em>combinations targeted at new sites. This type of attack works well for people who reuse passwords.<\/li>\n<li><b>Brute-force attacks<\/b> are automated attacks using email addresses and high-volume guessing of passwords based on dictionaries of passwords, words, and word variations. They are time and resource intensive but yield fast results against weak passwords.<\/li>\n<\/ul>\n<p>These attacks used to require specialist expertise. Today, tools and password lists are readily available free of charge. A June 2019 Google search for \u201cPasswords.txt\u201d yields 10.3 million results, with link titles like \u201c10-million-password-list,\u201d \u201c500-worst-passwords,\u201d \u201c10k-most common,\u201d and \u201cLarge Password Lists: Password cracking Dictionary\u2019s download.\u201d This shows that the means to drive these attacks is within easy reach. A second search for tools designed for use by white hat\/ethical hackers returns a large number of downloadable tools ready for use.<\/p>\n<p>As a best practice, strong passwords offer the best defense against all three types of attack.<\/p>\n<p>However, strong passwords are hard to remember and hard to manage without purpose-built tools.<\/p>\n<p>Commonly used spreadsheets facilitate the use of strong passwords but present challenges in terms of operation:<\/p>\n<ul>\n<li>Mistyping errors<\/li>\n<li>Copy\/paste errors<\/li>\n<li>Increased search times<\/li>\n<li>Out-of-date version of the sheet<\/li>\n<li>Multiple copies exacerbate maintenance<\/li>\n<li>Insecure storage<\/li>\n<li>Revocation is impossible<\/li>\n<\/ul>\n<h2 class=\"h3\"><b>Why password management matters<\/b><\/h2>\n<p>These challenges mean that eventually users fall back to reusing old passwords or creating weak passwords and the risk of breach increases. This is where a <a class=\"ext\" href=\"\/features\/password-management-software\" target=\"_blank\" rel=\"noopener noreferrer\">purpose-built password management solution<\/a> can help, providing you with a way to:<\/p>\n<ul>\n<li>Facilitate the creation of strong passwords<\/li>\n<li>Securely store credentials of all types<\/li>\n<li>Seamlessly inject password into systems when needed<\/li>\n<li>Enable vaults to be configured by role, providing access based on expertise and seniority<\/li>\n<li>Grant or revoke access with a single click<\/li>\n<li>Auto-capture new credentials<\/li>\n<li>Expire passwords<\/li>\n<li>Measure and report on password strength and age<\/li>\n<li>Rotate existing credentials automatically<\/li>\n<li>Provide an audit capability to help meet compliance requirements for credential creation, usage, and storage<\/li>\n<\/ul>\n<p>For most compliance requirements, it\u2019s important that passwords are changed regularly; this is something that is easily demonstrated with a purpose-built solution.<\/p>\n<p>However, probably the best aspect of all from a technician perspective is that you only need to remember a single password to access the <a href=\"\/features\/password-vault-software\">secure vault<\/a>.<\/p>\n<p>If you haven\u2019t yet implemented a purpose-built solution at your MSP you could well be putting both yourselves and your customers at risk.<\/p>\n<p><b>Built for MSPs by MSPs, <a href=\"https:\/\/www.solarwindsmsp.com\/products\/passportal\" target=\"_blank\" rel=\"noopener\">SolarWinds Passportal + Documentation Manager<\/a> is an encrypted and efficient password and <a class=\"ext\" href=\"https:\/\/www.passportalmsp.com\/use-cases\/credential-management-system\" target=\"_blank\" rel=\"noopener noreferrer\">credential management solution<\/a>, offering credential injection, reporting, auditing, password change automation and privileged client documentation capabilities\u2014designed to streamline the technicians\u2019 day by providing essential documentation at their fingertips to standardize service delivery and expedite issue resolution.<\/b><\/p>\n<p><b>SolarWinds Passportal can help you manage risk, shorten incident resolution times, meet compliance for credential creation, usage, and storage. To find out more <a href=\"https:\/\/www.solarwindsmsp.com\/products\/passportal\" target=\"_blank\" rel=\"noopener\">click here<\/a>.<\/b><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Managed services providers (MSPs) hold access credentials for hundreds of thousands of customer systems. These credentials are \u201ckeys to the kingdom\u201d and provide access at various levels to networks, devices,&#8230;<\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-5280","post","type-post","status-publish","format-standard","hentry","topic-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Why every MSP Needs a Password Manager - N-able<\/title>\n<meta name=\"description\" content=\"MSPs offer attackers a rich vein of access to critical system credentials for a broad range of companies. Andrew Miller looks at why a password management solution is essential to prevent a critical breach.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why every MSP Needs a Password Manager - N-able\" \/>\n<meta property=\"og:description\" content=\"MSPs offer attackers a rich vein of access to critical system credentials for a broad range of companies. Andrew Miller looks at why a password management solution is essential to prevent a critical breach.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2019-06-26T17:29:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-05-31T11:49:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"N-able\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"N-able\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"4\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager\"},\"author\":{\"name\":\"N-able\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b\"},\"headline\":\"Why every MSP Needs a Password Manager\",\"datePublished\":\"2019-06-26T18:29:39+01:00\",\"dateModified\":\"2021-05-31T11:49:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager\"},\"wordCount\":708,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/de#organization\"},\"articleSection\":[\"Security\"],\"inLanguage\":\"de\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager\",\"url\":\"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager\",\"name\":\"Why every MSP Needs a Password Manager - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/de#website\"},\"datePublished\":\"2019-06-26T18:29:39+01:00\",\"dateModified\":\"2021-05-31T11:49:34+00:00\",\"description\":\"MSPs offer attackers a rich vein of access to critical system credentials for a broad range of companies. Andrew Miller looks at why a password management solution is essential to prevent a critical breach.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Security\",\"item\":\"https:\/\/www.n-able.com\/de\/blog\/category\/security\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Why every MSP Needs a Password Manager\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/de#website\",\"url\":\"https:\/\/www.n-able.com\/de\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/de#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/de?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/de#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/de\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b\",\"name\":\"N-able\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"caption\":\"N-able\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Why every MSP Needs a Password Manager - N-able","description":"MSPs offer attackers a rich vein of access to critical system credentials for a broad range of companies. Andrew Miller looks at why a password management solution is essential to prevent a critical breach.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager","og_locale":"de_DE","og_type":"article","og_title":"Why every MSP Needs a Password Manager - N-able","og_description":"MSPs offer attackers a rich vein of access to critical system credentials for a broad range of companies. Andrew Miller looks at why a password management solution is essential to prevent a critical breach.","og_url":"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2019-06-26T17:29:39+00:00","article_modified_time":"2021-05-31T11:49:34+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg","type":"image\/jpeg"}],"author":"N-able","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Verfasst von":"N-able","Gesch\u00e4tzte Lesezeit":"4\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager"},"author":{"name":"N-able","@id":"https:\/\/www.n-able.com\/de#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b"},"headline":"Why every MSP Needs a Password Manager","datePublished":"2019-06-26T18:29:39+01:00","dateModified":"2021-05-31T11:49:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager"},"wordCount":708,"publisher":{"@id":"https:\/\/www.n-able.com\/de#organization"},"articleSection":["Security"],"inLanguage":"de"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager","url":"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager","name":"Why every MSP Needs a Password Manager - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/de#website"},"datePublished":"2019-06-26T18:29:39+01:00","dateModified":"2021-05-31T11:49:34+00:00","description":"MSPs offer attackers a rich vein of access to critical system credentials for a broad range of companies. Andrew Miller looks at why a password management solution is essential to prevent a critical breach.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/de\/blog\/why-every-msp-needs-password-manager#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security","item":"https:\/\/www.n-able.com\/de\/blog\/category\/security"},{"@type":"ListItem","position":2,"name":"Why every MSP Needs a Password Manager"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/de#website","url":"https:\/\/www.n-able.com\/de","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/de#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/de?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/de#organization","name":"N-able","url":"https:\/\/www.n-able.com\/de","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/de#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b","name":"N-able","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","caption":"N-able"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts\/5280","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/comments?post=5280"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts\/5280\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/media?parent=5280"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}