How often do you change PDQ passwords?
We created an account (called PDQ, of course) that is a member of the local admins on all desktops. We decided, since this account has a lot of power, that we should rotate its password as frequently as our other privileged accounts. However, particularly since moving to the central server architecture, changing passwords in PDQ Deploy and PDQ Inventory is very cumbersome.
My questions for the community are:
1) How often do you rotate your PDQ account password?
2) What other mitigations are available to prevent password/hash capture and abuse?
Comments
Our password policy for administrators here is to change them every 90 days. Of course, we can change them more often if we like.
As far as capture and abuse mitigation goes, I could only recommend that you set up PDQ with your actual administrators' credentials, not just a generic/shared admin account. Just make sure in any case that the number of licenses you have matches up to the number of admins who have access to PDQ.
Generic accounts always spell trouble--credentials can be leaked so easily, even in casual conversation between admins (eavesdropping is a thing).