[itguy50]

Hello, this may not be the right Forum but I work for a small company in the IT department and my supervisor has tasked me with updating how we manage our passwords. Currently we use Active Directory to setup users and have a custom Windows program that ties into AD to allow our local users to change their password every 90 days. We also have several users who are strictly mobile and do not have any hardware besides a cell phone with email.

Basically I'm wondering how other IT Professionals typically manage their passwords.

1. Do you use a third party service like ADSelfService Plus?
2. How do you work on your users systems if you need to log in under their profile.
3. If someone forgets their password do they have to call the Help Desk or can they reset on their own

Any other info you could give would be very much appreciated. Thanks

 

[buzza24]

I work for a service provider, so we not only have to record our own passwords but manage that for all our clients.

1) For an internal IT dept, consider using KeePass or DashLane. This will be good for saving your passwords with multi-user access. Both solutions offer encryption to secure your passwords.

2) Not sure why you would have a custom program for resetting user passwords. You should configure a Group Policy to do this.

3) We use a system called N-Able to remotely manage our clients servers and clients which allows us to access their PCs for support including shadowing their session. This means that we can work on their profile without necessarily needing their password. Consider looking into N-Able or Kaseya.

4) If someone forgets their passwords, they should log a ticket with your support desk and you help desk team should be able to reset this password. There are systems you can implement to allow the users to reset their own passwords, however if its not implemented properly can be a huge security risk.

I hope this has given you some more insight.