Boardgent Local Password Manager
It is a robust solution for managing users and local administrator passwords on computers, allowing companies to definitively solve one of the security gaps with the most significant impact today.
This Local Password Manager allows you to efficiently manage the keys configured in the BIOS or UEFI, as well as the local administrator users in Windows, Linux and Mac, and those to manage technologies such as BitLocker and Intel vPro AMT.
Let's go into detail!
Why is it important?
Most companies have authentication directories, such as Microsoft Active Directory, to assign each person a unique identity in all of the company's systems. In addition to managing user names, directories centralize the management of their passwords, forcing people to create secure keys and change them frequently.
However, there are still users and passwords on computers that are not centrally managed, such as the local administrator ones, that reside independently on each computer. For example, the Windows user is on the hard drive's SAM file, the BIOS on the motherboard, and the Intel vPro on a chip near the processor.
Considering that local users reside independently on each computer, they turn out to be very difficult to manage, which is why they frequently violate some basic security principles such as:
- Passwords are not unique: companies usually define a standard and configure it en masse on all computers.
- They do not authenticate a person: as passwords reside on computers, it is difficult to audit who enters each system and at what time.
- Passwords are not changed frequently: usually, companies don't have the tools to change them automatically.
Local administration users are an essential piece of the IT security chain, so companies are forced to use them even if they do not have the tools to manage them properly. In some cases, they are the only mechanism to support certain technologies that work at the BIOS or processor level. In others, they are the last resort to access a computer when it loses connectivity with the authentication directories.
If we don't manage these users, what kind of risks do we face?
Network administrators and members of the IT team and help desk know the local administrator passwords of almost all the company's computers. Although they need them to do their job, this poses a serious security and auditing problem, as there is no reliable way to know who requested a password and at what time.
Currently, junior help desk members of multiple organizations have total control over the computer's information of managers, without restrictions or auditing.
Worse still, since passwords don't change frequently, former employees or temporary external consultants can continue accessing the network. To mitigate this problem, it would imply having a group of people going computer by computer every time someone is no longer part of the company.
As all computers share the same local passwords, when an attacker or a virus impacts a system, it is enough to capture its password to jump and infect the rest of the devices on the network.
In recent months, we have seen how ransomware has easily spread across a significant part of organizations' networks simply because a user makes a security mistake on its computer.
How do we help you fight this problem?
We have created a free solution to help companies overcome this problem.
Boardgent Local Password Manager generates secure random keys for each local administrator user and changes them automatically every hour to ensure that no one in the organization has unrestricted control over computers information.
When administrator users need to configure a computer, they must type a two-factor authenticator to access the platform and then explain the reason to request the local password of that system.
So, with this tool, companies are confident that the local keys of their computers will constantly change and that they have audit logs available to identify unauthorized accesses and people responsible for information leaks.
By correctly managing the users and local administrator passwords, we contain lateral attacks and the spread of malware; as of now, having the local password of a system does not imply having control over the rest of the network.
We believe that companies of all sizes need tools to reach high-security standards, especially now that remote work increases network vulnerabilities.
Try Boardgent for free now.