Protecting elevated authentication credentials is one of the best defense-in-depth strategies any company can deploy.
In today’s pass-the-hash, pass-the-Kerberos-token, steal-any-credentials world, preventing credentials from falling into the wrong hands can be the entire battle.
Identity is security.
If an identity and its authentication credentials get into the wrong hands, often enough, it’s game over.[ Roger Grimes’ free and almost foolproof way to check for malware. | Discover how to secure your systems with InfoWorld’s Security newsletter. ]

For decades we’ve told people not to stay logged in as admin or root all the time.

Alternatively, they should have two accounts: one for regular user duties (email, browsing the Web, and so on) and another elevated one for administrative duties.To read this article in full or to leave a comment, please click here