Server admins always worry about a hacker stealing their server credentials. Server access credentials can be phished when the server admin tries to connect a server. To connect servers, it requires an admin to send credentials on their PC. When a server admin inputs the credentials on their PCs, it can be phished. Although 2FA, including OTPs and server certificates are set on the server, that code and certificate file also can be hijacked If the phishing malware is already installed on the server admin’s PC.
We cannot be sure that there is no malware running on our PCs. When we use a web browser, email, or any communication applications on our PC, malware can be downloaded without us knowing and steal data on our PC at any time.
Because of that, a server manager needs to use a special authentication method that can not be phished. AutoPassword Access Manager helps a server admin to be free from phishing the credentials. If it is installed on your server, the servers present the automatic code to the admin, instead of asking to input the credentials. Because servers present a one-time credential code to a server admin, there is no chance to steal the credential on an admin’s PC. When servers show the automatic code to the admin, a server admin just compares it with the code generated on their phone.
AutoPassword Access Manager returns the admin’s right from the server whether or not to connect to the server.
DDC(Dong Du Cheon) City adopted the AutoPassword Access Manager to protect their servers. This protects the server credentials, and they also need to change the server password automatically according to their regulations. Usually, one server admin has to manage 200 servers. It’s very difficult and annoying to change the server password periodically following the rules. By adopting the AutoPassword Access Manager on their servers, the server admin at DDC city does not need to change the password of servers anymore.
Challenges
- How to protect input-based credentials even when malware is running on an admin’s PC.
- To change and reset 200 server’s passwords every 90 days according to the regulations
- Temporary server access management for MSPs
Results
- The server access credentials are protected with output-based authentication technology
- The server’s password is changed automatically whenever the admin login to their servers
- Temporary server access management with a single touch