Why Password Rotation?
According to the 2023 Verizon Data Breach Investigations Report (VDBIR), 74% of all data breaches involve the human element and 49% involve stolen credentials. Protecting passwords, credentials and secrets is a vital component of any cybersecurity strategy.
There are 24 billion passwords available for sale on the dark web, but organizations can reduce the time a compromised password is valid by limiting the lifespan of that password with rotation.
By enabling automatic credential rotation, organizations drastically reduce their risk of credential-based attacks while also enabling admins to:
- Enforce the use of strong passwords across systems and devices
- Prevent password reuse across multiple accounts
- Ensure passwords for privileged accounts have a limited lifespan
- Easily meet compliance standards and enforce internal policies for credential health
KeeperPAM – The Next-Gen Privileged Access Management (PAM) Solution
Designed to protect multi-cloud and perimeterless environments, KeeperPAM simplifies privilege management for every user, on every device, from every location.
KeeperPAM is enterprise-grade privileged access management that includes Keeper Security’s award-winning Enterprise Password Manager (EPM), Keeper Secrets Manager (KSM) and Keeper Connection Manager (KCM). This zero-knowledge, zero-trust solution allows organizations to secure their most critical assets through a simple, unified platform.
Password Rotation Simplified
Keeper solves every pain point in the credential lifecycle – from provisioning to deprovisioning. With KeeperPAM, organizations can manage password practices and privileges while simply and securely automating critical activities, including rotation of passwords and secrets.
Weak, repeated and long-standing credentials introduce risk into your environment. That’s why credential rotation is typically mandated by compliance frameworks and is a best practice for reducing the security risks associated with terminations, breaches, dark web exposure and more.
Keeper enables organizations to automate changing passwords for privileged accounts including Active Directory (AD) user accounts, SSH keys, database passwords, AWS IAM accounts, Entra ID (Azure) IAM accounts and Windows/Mac/Linux user accounts.
KeeperPAM’s password rotation capabilities enable admins to:
- Automatically rotate credentials on a predetermined schedule or on demand
- Securely share records and IT configuration between IT users
- Rotate credentials regardless of where they exist, on-premises or in the cloud
- Perform post-rotation actions such as restarting services
- Receive notifications for incidents such as unexpected credential rotation
- Rotate credentials in remote locations without requiring a VPN
- Access audit logging and change history through the Advanced Reporting and Alerts Module (ARAM)
- Enable privileged and non-privileged users to rotate credentials, not just IT teams
Why Use KeeperPAM?
- Increase credential security via enforcement policy and audit trails
- Easily maintain and prove compliance during an audit
- Simple deployment with no agents required on every device
- No SSL certificates required for the gateway and no open external ports
- Uses built-in operating system tools for rotation so no custom software is required
- Seamlessly integrates into Keeper Secrets Manager and Keeper Connection Manager
Password Rotation is Essential to Meet Compliance
For many organizations, internal and compliance policies mandate regular password rotation. To meet these mandates, organizations must rotate passwords on all devices, including computers, servers and IoT devices.
With KeeperPAM, your team can define best practices and requirements for end users. Automation can also handle post-rotation operations such as restarting services or containers.
How KeeperPAM Password Rotation Works
Establishing a gateway
Keeper’s password rotation uses a lightweight and secure on-premises gateway service, which can be installed with a single command. The gateway creates an outbound connection to Keeper’s cloud security vault, establishing a secure tunnel for retrieving rotation requests.
The gateway then utilizes Keeper Secrets Manager (KSM) APIs to request and decrypt secrets to perform rotation and communicate with the target device. Keeper’s password rotation ensures zero-knowledge security by performing all decryption locally on the gateway service.
Vault configuration
The credential rotation is configured, managed and maintained completely through the Keeper Web Vault or Desktop App. Credential rotation schedules and settings are all stored as encrypted records in Keeper’s cloud vault.
Keeper’s automated password rotation is easy to deploy and manage. Users can quickly share access to records and manage which secrets are visible to the gateway using shared folders.
Integrates With Your IT Stack
KeeperPAM seamlessly integrates with a wide range of solutions in the cloud and on-premises. These integrations include AWS, Entra ID (Azure), Active Directory, SIEMs, databases, CI/CD systems and more than 50 others.