Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • SolarWinds N-central Automate what you need. Tackle complex networks. Try this remote monitoring and management solution built to help maximize efficiency and scale.
    • SolarWinds RMM Start fast. Grow at your own pace. Try this powerful but simple remote monitoring and management solution.
    • SolarWinds EDR Defend against ransomware, zero-day attacks, and evolving online threats with Endpoint Detection and Response
    • SolarWinds Backup Manage data protection for servers, workstations applications, documents and Microsoft 365 from one SaaS dashboard.
    • Mail Protection & Archiving Protect users from email threats and downtime.
    • Password Management Easily adopt and demonstrate best practice password and documentation management workflows.
      • Passportal Demo
    • PSA & Ticketing Manage ticketing, reporting, and billing to increase helpdesk efficiency.
    • Remote Support Help support customers and their devices with remote support tools designed to be fast and powerful.
  • Solutions

    I'm looking for...

    • Security Solutions
    • Monitoring Solutions
    • Efficiency Solutions
  • Resources
    • Blog
    • Webcasts & Events
    • Ask the N-central Experts
    • Daily Live Demos
    • RMM Foundations Training
    • Upcoming Events
    • Upcoming Webcasts
    • Resource Center
    • COVID-19 Resources
    • Resource Library
      • Case Studies
      • Product Information
      • eBooks
      • White Papers
      • Infographics
    • SolarWinds MSP Free Tools
    • GDPR Resource Center
    • Security Resource Center
    • MSP Institute Webinar Series
    • MSP Advice Project
  • About
    • Contact
    • Customer Success
    • Worldwide sales and support
    • Careers
    • Awards and Recognition
    • Get A Quote
    • Newsroom
      • Press Releases
      • In The News
      • Media Contacts
      • COVID-19 Response
    • Leadership Team
    • Legal
      • Cookie Policy
      • Privacy Notice
      • Software Services Agreement
      • Terms of Use
      • Backup Fair Use Policy
    • Security
      • SolarWinds Security Statement
      • Vendor Data Protection Requirements
    • Support
  • IT Departments
  • Contact Sales
    • Get A Quote
    • General Inquiry
  • TRY NOW
    • SolarWinds RMM
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Passportal
    • SolarWinds N-central
    • SolarWinds Mail Assure
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Security Why every MSP Needs a Password Manager
Security

Why every MSP Needs a Password Manager

By Andrew Miller
26 June, 2019

Managed services providers (MSPs) hold access credentials for hundreds of thousands of customer systems. These credentials are “keys to the kingdom” and provide access at various levels to networks, devices, applications, and even data.

Malicious actors understand the importance of the access granted to MSPs, and also recognize the value of obtaining multiple credentials in as few attacks as possible. MSPs and IT service providers in general may be an example of “shoemaker’s children”—although they are experts in recommending and implementing risk management strategies for their customers, they may not have looked after their own house.

For attackers, this is a potential for a perfect storm: large volumes of credentials, concentrated in the hands of very few organizations with potentially poor risk management protection.

In fact, both HPE and IBM, two of the world’s largest MSPs, were breached last year in focused attacks. So this definitely isn’t just an issue for smaller MSPs.

CTA Image

SolarWinds Remote Monitoring and Management

Get the tools you need to manage, secure, and improve all things IT—all within a single web-based dashboard.

Try It Free Learn More

Protecting credentials

How can you ensure your customers’ credentials are protected? Let’s start with a look at the types of password attacks that breach systems.

Malicious actors use a variety of password-based attacks to gain access to systems. 

  • Password spraying is an automated attack using known email addresses and a list of common passwords. It’s a guessing game with a high-degree of success against weak passwords.
  • Credential stuffing is an automated attack using known username/password combinations targeted at new sites. This type of attack works well for people who reuse passwords.
  • Brute-force attacks are automated attacks using email addresses and high-volume guessing of passwords based on dictionaries of passwords, words, and word variations. They are time and resource intensive but yield fast results against weak passwords.

These attacks used to require specialist expertise. Today, tools and password lists are readily available free of charge. A June 2019 Google search for “Passwords.txt” yields 10.3 million results, with link titles like “10-million-password-list,” “500-worst-passwords,” “10k-most common,” and “Large Password Lists: Password cracking Dictionary’s download.” This shows that the means to drive these attacks is within easy reach. A second search for tools designed for use by white hat/ethical hackers returns a large number of downloadable tools ready for use.

As a best practice, strong passwords offer the best defense against all three types of attack.

However, strong passwords are hard to remember and hard to manage without purpose-built tools.

Commonly used spreadsheets facilitate the use of strong passwords but present challenges in terms of operation:

  • Mistyping errors
  • Copy/paste errors
  • Increased search times
  • Out-of-date version of the sheet
  • Multiple copies exacerbate maintenance
  • Insecure storage
  • Revocation is impossible

Why password management matters

These challenges mean that eventually users fall back to reusing old passwords or creating weak passwords and the risk of breach increases. This is where a purpose-built password management solution can help, providing you with a way to: 

  • Facilitate the creation of strong passwords 
  • Securely store credentials of all types 
  • Seamlessly inject password into systems when needed 
  • Enable vaults to be configured by role, providing access based on expertise and seniority
  • Grant or revoke access with a single click
  • Auto-capture new credentials 
  • Expire passwords
  • Measure and report on password strength and age
  • Rotate existing credentials automatically
  • Provide an audit capability to help meet compliance requirements for credential creation, usage, and storage 

For most compliance requirements, it’s important that passwords are changed regularly; this is something that is easily demonstrated with a purpose-built solution.

However, probably the best aspect of all from a technician perspective is that you only need to remember a single password to access the secure vault.

If you haven’t yet implemented a purpose-built solution at your MSP you could well be putting both yourselves and your customers at risk.

 

Built for MSPs by MSPs, SolarWinds Passportal + Documentation Manager is an encrypted and efficient password and credential management solution, offering credential injection, reporting, auditing, password change automation and privileged client documentation capabilities—designed to streamline the technicians’ day by providing essential documentation at their fingertips to standardize service delivery and expedite issue resolution.

SolarWinds Passportal can help you manage risk, shorten incident resolution times, meet compliance for credential creation, usage, and storage. To find out more click here.

 

Andrew Miller is senior product marketing manager at SolarWinds MSP.

 

Request a Passportal Product Demo

Request a demo and see how SolarWinds® Passportal + Documentation Manager, Site and Blink can help you.

Request a Demo

 

 

Additional reading

Password management—A quick best practice guide
How to Build Password Policies for Your Customers
MSP Password Management
You might also like...
Automation

What the Head Nerds Were Up to in 2020

Security

January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be

Security

December 2020 Patch Tuesday—A quiet(er) finish to a busy year in vulnerabilities

Security

Documentation Management API and Why It’s Important for the MSP Business

Security

What Is FIPS-140-2 Standard and When Is It Required?

Security

Malware-as-a-Service: A Crucial Reason Why Security Has Grown More Complex

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • What the Head Nerds Were Up to in 2020
  • RMM and PSA Tools: How to Make the Most of Both
  • How to Empower an IT Help Desk Team for Success
  • Six Tips That Will Make Managing Your MSP Company Easier
  • January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be
Categories:
  • Security (230)
  • Tips & Advice (122)
  • Best Practices (94)
  • Managed Services (86)
  • Backup & Disaster Recovery (83)
  • Business Growth (75)
  • The Head Nerds (75)
  • IT Support (42)
  • Business (39)
  • Automation (37)
  • Cybersecurity (37)
  • Operations (34)
  • Mail (33)
  • Remote Management (28)
  • ITSM (25)
  • Cloud Computing (21)
  • Networking (21)
  • Data (21)
  • Marketing (14)
  • Product (11)
  • PSA (11)
  • Service Desk (5)
  • Services & Support (5)
  • Mobile (4)
  • Risk Intelligence (4)
  • Internet of Things (3)
  • Customer Service (3)
  • Research & Trends (2)
  • Training (2)
  • GDPR (2)
  • Business Risk (1)
  • LOGICcards (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.