Password Cycling Versus Recycling: One is a Cybersecurity Best Practice, the other, a Taboo

February 19, 2019

Are you a cybersecurity recycler?

In the last few decades, we’ve learned some very hard lessons about recycling. Having “disposable” everything is not good for the environment, economy, or posterity. We all need to learn how to correctly recycle, reuse, repurpose, and dispose of material items.

The critical word in the previous paragraph is “material”. Some nonmaterial items should never be recycled, especially when dealing with cybersecurity. For instance, if you recycle passwords and accounts, you are potentially a “security recycler”, and it could lead to unnecessary risks and unforeseen threats.

Password Cycling versus Recycling

If you think that the term “cybersecurity recycler” is a manufactured catchphrase, you are partially correct. Nonetheless, nonmaterial items like passwords do have a cost to recycle.

Password cycling, a synonym for password rotation, is an IT security best practice for privileged credentials when it is executed with unique passwords. Password recycling, the re-use of credentials, introduces a quantifiable risk and is a security taboo.

Choosing unique, never-used-before passwords provides far superior security, and only has a cost associated with the time, tools, and processes to actually change them. Nothing material is disposed of, even if you use one-time passwords (OTPs). Passwords (and accounts, for that matter) should be unique each time they are rotated or changed.

So, why am I making this the focal point of a blog? In the realm of information technology and cybersecurity, we recycle all the time. We recycle hardware, software licenses, as well as often overlooked items, like data storage and basic disk space. This recycling is all done in the name of efficiency and cost-effectiveness. Other items, as we have just covered, should never be recycled.

However, the practical problem most organizations face is how to avoid recycling passwords and accounts, and to keep them unique each time they are changed.
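
One way to keep rotated passwords unique, as an added example (not BeyondTrust Password Safe code and not part of the original post): a ledger of keyed fingerprints that issues never-before-used passwords and flags recycling. The class name `RotationLedger`, its methods, and the HMAC key handling are hypothetical.

```python
import hashlib
import hmac
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + "!#$%*+-=?@_"


class RotationLedger:
    """Hypothetical ledger: keeps keyed fingerprints of passwords, never plaintext."""

    def __init__(self, key: bytes):
        self.key = key                     # assumption: key is held in a KMS/HSM
        self.history = defaultdict(list)   # account -> fingerprints, oldest first

    def _fp(self, password: str) -> str:
        return hmac.new(self.key, password.encode(), hashlib.sha256).hexdigest()

    def seen(self, password: str) -> bool:
        """True if any account has ever held this password."""
        fp = self._fp(password)
        return any(fp in fps for fps in self.history.values())

    def record(self, account: str, password: str) -> None:
        """Import a password that was set outside the ledger (existing inventory)."""
        self.history[account].append(self._fp(password))

    def rotate(self, account: str, length: int = 24) -> str:
        """Cycle: issue a random password that no account has held before."""
        while True:
            candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
            if not self.seen(candidate):
                self.record(account, candidate)
                return candidate

    def shared_current(self) -> list:
        """Groups of accounts whose current password is identical."""
        groups = defaultdict(list)
        for account, fps in self.history.items():
            if fps:
                groups[fps[-1]].append(account)
        return sorted(sorted(g) for g in groups.values() if len(g) > 1)

    def recycled(self, account: str) -> bool:
        """True if the account's current password appeared earlier in its history."""
        fps = self.history.get(account, [])
        return bool(fps) and fps[-1] in fps[:-1]
```
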

Eliminate Password Recycling & Enforce Password Security Best Practices

This is where BeyondTrust Password Safe comes in. The technology is designed to manage accounts and passwords and place your most precious ones (privileged accounts) under management. This means that an account’s name, password, and usage are all governed by an automated, immensely scalable solution and can be checked in and checked out, with usage documented for every session. In addition, the passwords can be automatically rotated such that password recycling never occurs and every system, account, and resource has a unique password. This protects against password re-use attacks, impedes lateral movement, and dramatically condenses your organization’s threat surface.

Finally, Password Safe has session management tools to record RDP and SSH sessions interactively when these accounts are used. This capability allows you to determine whether or not the account and passwords were used appropriately, providing a measurable benefit for meeting auditing and compliance standards.

The concepts of recycling in the material world help improve sustainability across our planet. Recycling of security technology can be cost-effective so long as we can ensure that the threats from previous usage are mitigated. Password and account recycling, however, should never occur and BeyondTrust can help ensure you do not succumb to the dark side of cybersecurity recycling practices.

Learn more about BeyondTrust Password Safe.

Morey J. Haber, Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.
