Password rotation support is only available for domain elevated access accounts that are tied to Active Directory (On-Prem or Azure).
Automating password rotation on your domain accounts is a great way to keep your users and systems secure. It also removes the need for a technician to remember to take care of the rotation on behalf of your organization.
Why is password rotation important?
With domain accounts, an employee who leaves the organization can take knowledge of the password with them. This alone is reason enough to rotate passwords.
It is also good practice to rotate your passwords to remain secure.
How often should passwords be rotated?
How often the passwords rotate is completely up to you. It can be as frequent as every 1 hour or as infrequent as every 30 days.
Why automate password rotations?
Automating password rotation allows your technicians to focus on what is important: your customers.
Plus, if they’re busy with an urgent customer matter, the rotation could be delayed, or forgotten altogether, as the day gets away from them.
Password best practices
Best practices for passwords have changed over the years. Here are a few DOs and DON’Ts to keep in mind for passwords:
- DO rotate domain account passwords on a regular cadence.
- DO enforce MFA (multi-factor authentication) to add another layer of protection.
- DO set a password length of 12 characters or greater. Remember, the longer the password, the harder it can be to crack.
- DO make passwords hard to guess.
- DON’T configure account passwords to never expire.
- DON’T force regular users to change their passwords. The reason: most will simply increment the password (e.g., Password!123 > Password!1234), which weakens it.
- DON’T reuse passwords across systems or services. Although it might be easy to remember, passwords should always be unique.
- DON’T use a single word for a password.
- DON’T use personal information in the password.
- DON’T keep your password on a sticky note for all to see.
How to enable password rotation
1. From the dashboard, click on My Company or choose Customer.
2. Click Vault.
3. Click on Domain Accounts.
4. In the displayed list of domain accounts, find the ones you want to edit. Click the "pencil" icon at the end of the row.
5. Switch the toggle to enable password rotation.
6. Use the slider to select the rotation frequency.
   - Hours: Anywhere from 1 hour to 24 hours.
   - Days: Anywhere from 1 day to 30 days.
7. Click Complete.
Repeat steps 5 to 7 for each tenant domain account that is to be enabled for password rotation.
Why are my passwords not rotating?
If your passwords aren't rotating, make sure the account has the ability to change a password. Check that password rotation is not disabled on the account. Also be sure that the domain account is added to the domain administrator group.
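The directory-side checks above can be scripted. The following is an added example, not part of the product or its documentation: it assumes an on-prem Active Directory domain and the RSAT ActiveDirectory module, and the function name Test-RotationReadiness and the account name svc-elevated are placeholders. The product's own rotation toggle still has to be checked in the portal.

```powershell
#Requires -Modules ActiveDirectory

function Test-RotationReadiness {
    param(
        [Parameter(Mandatory)][string[]]$SamAccountName,
        [int]$MaxAgeHours = 24   # assumed: the rotation interval chosen on the slider
    )

    # Domain Admins always has RID 512, so resolve it by SID rather than
    # by its display name, which can be localized or renamed.
    $daSid     = '{0}-512' -f (Get-ADDomain).DomainSID.Value
    $daMembers = Get-ADGroupMember -Identity $daSid -Recursive |
        ForEach-Object { $_.SID.Value }

    $props = 'CannotChangePassword', 'PasswordNeverExpires', 'PasswordLastSet', 'LockedOut'

    foreach ($name in $SamAccountName) {
        $u = Get-ADUser -Identity $name -Properties $props

        # PasswordLastSet is empty when the password has never been set
        # or must be changed at next logon.
        $ageHours = if ($u.PasswordLastSet) {
            [math]::Round(((Get-Date) - $u.PasswordLastSet).TotalHours, 1)
        } else { $null }

        [pscustomobject]@{
            Account              = $u.SamAccountName
            Enabled              = $u.Enabled
            LockedOut            = $u.LockedOut
            CannotChangePassword = $u.CannotChangePassword   # should be False
            PasswordNeverExpires = $u.PasswordNeverExpires   # should be False
            InDomainAdmins       = $daMembers -contains $u.SID.Value
            PasswordAgeHours     = $ageHours
            Overdue              = ($null -eq $ageHours) -or ($ageHours -gt $MaxAgeHours)
        }
    }
}

# 'svc-elevated' is a placeholder account name.
Test-RotationReadiness -SamAccountName 'svc-elevated' -MaxAgeHours 24 | Format-List
```

An account showing CannotChangePassword as True, InDomainAdmins as False, or Overdue as True matches one of the causes listed above.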