Password Cycling Versus Recycling: One is a Cybersecurity Best Practice, the other, a Taboo

Are you a cybersecurity recycler?

In the last few decades, we’ve learned some very hard lessons about recycling. Having “disposable” everything is not good for the environment, economy, or posterity. We all need to learn how to correctly recycle, reuse, repurpose, and dispose of material items.

The critical word in the previous paragraph is “material”. Some nonmaterial items should never be recycled, especially when dealing with cybersecurity. For instance, if you recycle passwords and accounts, you are potentially a “security recycler” and it could lead to unnecessary risks and unforeseen threats

Password Cycling versus Recycling

If you think that the term “cybersecurity recycler” is a manufactured catchphrase, you are partially correct. Nonetheless, nonmaterial items like passwords do have a cost to recycle.

While password cycling, a synonym for password rotation, is an IT security best practice for privileged credentials when it is executed with unique passwords; password recycling—the re-use of credentials—introduces a quantifiable risk and is a security taboo.

Choosing unique, never used before passwords provides far superior security, and only has a cost associated with the time, tools, and processes to actually change them. There is nothing material disposable—even if you use one time passwords (OTPs). Passwords (and accounts, for that matter) should be unique each time they are rotated/changed.

So, why am I making this the focal point of a blog? In the realm of information technology and cybersecurity, we recycle all the time. We recycle hardware, software licenses, as well as often overlooked items, like data storage and basic disk space. This recycling is all done in the name of efficiency and cost-effectiveness. Other items, as we have just covered, should never be recycled.

However, the practical problem most organizations face is how to avoid recycling passwords and accounts, and to keep them unique each time they are changed.

Eliminate Password Recycling & Enforce Password Security Best Practices

This is where BeyondTrust Password Safe comes in. The technology is designed to manage accounts and passwords and place your most precious ones—privileged accounts—under management. This means that an account’s name, password, and usage is all governed by an automated, immensely scalable solution and can be checked in / checked out and documented for usage with every session. In addition, the passwords can be automatically rotated such that password recycling never occurs and every system, account, and resource has a unique password. This protects against password re-use attacks, impedes lateral movement, and dramatically condenses your organization’s threat surface.

Finally, Password Safe has session management tools to record RDP and SSH sessions interactively when these accounts are used. This capability allows you to determine whether or not the account and passwords were used appropriately, providing a measurable benefit for meeting auditing and compliance standards.

The concepts of recycling in the material world help improve sustainability across our planet. Recycling of security technology can be cost-effective so long as we can ensure that the threats from previous usage are mitigated. Password and account recycling, however, should never occur and BeyondTrust can help ensure you do not succumb to the dark side of cybersecurity recycling practices.

Learn more about BeyondTrust Password Safe.