How are other large enterprises protecting credentials on endpoints (specifically desktops)?
Sort by:
Using the Two factor Authentation, Proper credential protection solution like LAPS, Privilege's management etc.
Large enterprises protect desktop credentials through:
Endpoint protection software
Multi-Factor Authentication (MFA)
Encryption
Regular software updates
Privileged Access Management (PAM)
Security awareness training
Endpoint Detection and Response (EDR)
Group policies and access controls
Multi-factor authentication is our go to solution in achieving end point protection. However we have implemented password complexity according to NIST 800-53 and regularly enforcing system updates and deployed crowdstrike falcon, AV solutions.
We use minimum 14 character strong passwords with no admin rights granted to end users in their normal account. All administrative accounts are rotated nightly and require multi factor authentication.
Large enterprises employ a variety of security measures to protect credentials on endpoints, especially desktops, given the critical role they play in daily operations. Here are some common practices:
Endpoint Protection Software:
Utilizing advanced endpoint protection software that includes features like antivirus, anti-malware, and endpoint detection and response (EDR) capabilities. These tools help detect and prevent unauthorized access and malicious activities.
Multi-Factor Authentication (MFA):
Implementing multi-factor authentication to add an extra layer of security. This requires users to provide multiple forms of identification (e.g., password, smart card, fingerprint) before gaining access.
Password Policies:
Enforcing strong password policies that include complexity requirements, regular password changes, and avoiding easily guessable passwords. Using password managers can also enhance security by generating and storing complex passwords.