What are “Shared Web Passwords” and why should I secure them?
- February 8, 2024
- Posted by: admin
- Category: Blog
In recent years, many enterprise services accessed over the web integrate some federated login. The Identity Provider (IdP) could be anything from Azure Active Directory, Ping Federate, or even a Google account or LinkedIn account. Sometimes, these features are not offered, or your organization is not large enough to warrant the “add-on” cost to implement. In these cases, it is common for one login to be used by the whole organization to access this single vendor.
Sharing is Caring
With shared web accounts, it can be difficult to ensure that they are secure without also causing major headaches for one or two individuals. Let us take the example of a small-ish finance department that needs to access their payroll application online. For this department to use a federated login, they would need to upgrade to an “Enterprise” license. Many of the features offered to the organization would be “too big” for them or hardly used. The free options are usually the consumer-grade options: E-Mail, SMS/Text, Authenticator App. The problem here is these options tie the account to one person. Some organizations may have a mailing list or shared mailbox for email notifications. This could be an option but relies on your email server (and client) being operational and prompt. Another option commonly offered is using your phone for a TOTP (Time-based One Time Passcode). These are set up in applications like Authy, Google Authenticator, etc. and are also not conducive to sharing an account because it is tied to one person’s phone.
Secured TOTP Generation
Secured and shared TOTP Generation can enable TOTP generation on a per-credential level. Using this, we can move the TOTP generation from an individual’s phone to a centralized, secure location that can be accessed by those who need access to the credentials. You will no longer need to wake up Susan from Finance at 2 am for an emergency because the MFA (Multi Factor Authentication) TOTP is tied to her phone or email address. There are various products on the market that can facilitate this functionality. Among them being Delinea’s Secret Server and others.
Vaulted TOTP In Practice
Once your credentials and TOTP are stored securely in a vault, you will no longer need another person to use them. There is not any reliance on your mail server to email out quick enough to the shared inbox to get a link or OTP code. Now that your login credentials are stored in a secured, resilient vault, you can get any task done with a shared web account without having to rely on another user or team to get there.
Other Things to Consider
Now that the username, password, and TOTP generation are all handled by your vault, you have nothing left to do, right? Right?
Wrong!
Just because it is in a vault, does not mean that your account is secure. You will also need to adhere to your company’s policy or Best Practices and rotate the password for the web-based account regularly and with a randomly generated password.
Conclusion
While securing the usernames and passwords of accounts (web or otherwise) is an obvious step, keeping your TOTP generator safe as well will only increase the security around those accounts as well as keep a single contact from being on the hook for MFA requests.
Have question or comment? Feel free to post below or send to info@cybersolve.com.
Leave a Reply
Contact us at the Consulting WP office nearest to you or submit a business inquiry online.
Todd is a recognized IAM and Cloud industry expert who brings over 20 years of experience in managing, advising, architecting, and deploying IGA, Authentication and Authorization, and Cloud solutions and services across IDaaS, SaaS, IaaS, and PaaS. Todd is a frequent speaker on effective risk and security practices at leading industry events. He is responsible for the oversight of CyberSolve’s business segments and for the development of strategic plans to sustain the company’s rapid growth while providing trusted advice to clients across the security and risk spectrum.
Atul has over 20 years of experience in managing, designing and implementing Customer Relationship Management (CRM) and Salesforce integrations. He has acted as a cloud-focused solutions expert in both domestic and international markets. Prior to founding CyberSolve, Atul was a Technical Consulting Director at Salesforce where he demonstrated his strong experience architecting financial services industry solutions. Atul holds a Bachelor of Engineering from Madan Mohan Malaviya University of Technology.
Shub possesses over 15 years of experience in the Identity and Access Management (IAM) industry in pre-Sales and technology architecture roles. Shubham has held various positions with SailPoint, RSA, Saviynt, and Okta. He has extensive Identity and Access Management industry technology and sales experience in both domestic and international markets as well strong knowledge of how Identity and Access Management satisfies Audit and IT compliance issues. Shub holds a 
Rajesh has served Multi-National Corporations and large organizations as a full time Vice President of Finance, Chief Financial Officer and in equivalent roles. In order to fulfill his duties as a CFO he is a Chartered Accountant, holds a Diploma in Information System Audit (DISA certified by the Institute of Chartered Accountants of India), is a Certified SAP Consultant, Certified QuickBooks Professional Advisor, and Zoho Partner with 30+ years of experience in managing Finance, Accounting and ERP Systems for Medium to Large organizations in diverse sectors.
John is an experienced IT executive with extensive business leadership, operations management, project management, technology delivery and consulting skills who spent over two decades with General Electric where he was responsible for all aspects of their Global PIM program, he was also a key member of the security assurance team for the organizations Capital business. John leads the delivery of client services across the business landscape, to include Privileged Access Management, Managed Services, Identity Governance & Administration, Cybersecurity and Cloud Services.
Luis has been facilitating IAM programs for 20+ years. He was the CRO at Clear Skye, which builds identity governance capabilities on the ServiceNow Platform. His prior experience with services companies that deliver real world identity solutions has made him a trusted resource for information security executives that he has the privilege of advising. Luis assists in the management of our global sales organization, driving revenue growth via direct sales, ensuring our customers have the best plan and solution to ensure their IAM investment achieves the lowest TCO while providing the highest ROI.
Amit brings over 15 years of Identity and Access Management (IAM) experience to the organization. He has a proven track record in providing customers with the best of breed Identity and Access Management solutions. He ensures success within all engagements by staying integrated with the customer throughout the engagement whether it is a program, project or managed services and support. Amit acts as a customer champion at all times to ensure the right solution and resources are in place to achieve the right requirements.
James leads the delivery of client services across the Identity, Access, and Authorization landscape. He has delivered projects across a wide range of products including Okta, Ping, ForgeRock, Oracle, Microsoft, Citrix, Imprivata, Radiant Logic, Axiomatics and many others. With the advent of modern cloud services, James has served as the internal cloud architect and administrator for almost 10 years and uses that experience to help users make the best use of it.
As a veteran of the Identity Governance and Administration (IGA) landscape, Tony’s career has spanned from being a hands-on Architect\Engineer on numerous industry-leading IGA solutions to building and managing industry-leading Professional Services delivery teams. Tony brings that vast knowledge to CyberSolve and the teams under his management. In recent years Tony has been instrumental in the migration away from the legacy on-prem Identity Governance & Administration solutions to modern cost-effective cloud products.
Clark is a Channels, Sales and Marketing executive with 40+ years of experience as a direct seller, Executive and Founder. His experience includes services, software and hardware sales to Commercial, Federal, and State/Local/Education entities across US Domestic and International markets. Within the IAM spectrum, Clark spent over 5 years as SailPoint’s Channel Manager, Federal & Healthcare markets. He has developed and managed Partner relationships and strategies globally, and is known for significantly growing the revenue of his partners by building trusted, profitable relationships and business strategies.