Identity Stored in Password Manager
Risk Category
Storage
Risk Description
Password managers aren’t designed for non-human identities (NHIs). Learn why relying on them for NHI storage poses risks and explore secure alternatives.
Why It’s a Risk
Password managers may not provide sufficient controls for sensitive identities, and their use can increase the risk of unauthorized access if they are not properly secured or monitored. Additionally, password managers are not designed to handle the lifecycle and governance of non-human identities.
Likelihood of Occurrence
Medium, especially in environments where password managers are used for both human and non-human identities.
Impact Level
Medium, as password managers are not designed for long-term or high-sensitivity identity storage.
Mitigation Strategy
Identify identities stored in password managers and migrate them to dedicated secret managers with stronger access controls and encryption. Apply Zero Trust policies to enforce strict validation for any use of these identities.
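The first step of the mitigation, identifying which vault entries are actually non-human identities, is easy to get wrong by hand when a vault has hundreds of items. The script below is an added example (not code from the page or from Clutch): it triages a password-manager CSV export and flags entries that look like service credentials, so they can be queued for migration to a dedicated secret manager. The column names (title, username, password, url, notes), the sample export, and the heuristics are all assumptions I made for illustration; adapt them to your vault's real export format.

```python
"""
Added example (not from the original page): triage a password-manager
export to find entries that look like non-human identities (NHIs) so they
can be migrated to a dedicated secret manager.

Assumptions (mine, not the page's): the export is a CSV with the columns
title, username, password, url, notes. The heuristics are illustrative
starting points, not an exhaustive NHI detector.
"""
import csv
import io
import re
from dataclasses import dataclass, field

# Constructed sample export. Every secret below is a made-up placeholder.
SAMPLE_EXPORT = """title,username,password,url,notes
Corp Gmail,alice@example.com,CorrectHorse1!,https://mail.example.com,personal mailbox
prod-db service account,svc-orders,Tr0ub4dor&3,db.internal.example,used by orders-api
AWS access key (billing bot),AKIAEXAMPLEKEY123456,wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY,https://aws.amazon.com,rotates never
GitHub PAT - ci,,ghp_0000000000000000000000000000000000ab,https://github.com,CI runner token
Slack webhook,,https://hooks.slack.com/services/T000/B000/XXXX,,alerts channel
Bob VPN,bob,hunter2hunter2,vpn.example.com,
"""

# Heuristic 1: usernames that look like service principals rather than people.
SERVICE_USER = re.compile(r"^(svc|service|bot|app|ci|deploy|system)[-_.]", re.I)
# Heuristic 2: secrets (or "usernames") shaped like well-known machine credentials.
TOKEN_SHAPES = [
    ("aws_access_key_id", re.compile(r"^AKIA[0-9A-Z]{16}$")),
    ("github_token", re.compile(r"^gh[pousr]_[A-Za-z0-9]{20,}$")),
    ("webhook_url", re.compile(r"^https://hooks\.slack\.com/services/", re.I)),
]
# Heuristic 3: title/notes that describe automation rather than a person.
AUTOMATION_WORDS = re.compile(
    r"\b(api|ci|runner|pipeline|bot|service|integration|webhook|token)\b", re.I
)


@dataclass
class Finding:
    title: str
    reasons: list = field(default_factory=list)

    @property
    def is_nhi(self) -> bool:
        # Any matched heuristic makes the entry a migration candidate.
        return bool(self.reasons)


def classify_entry(row: dict) -> Finding:
    """Return a Finding listing every heuristic the export row matched."""
    f = Finding(title=row.get("title", "").strip())
    user = row.get("username", "").strip()
    secret = row.get("password", "").strip()
    text = " ".join([f.title, row.get("notes", "")])

    if SERVICE_USER.match(user):
        f.reasons.append("service-style username")
    for name, pattern in TOKEN_SHAPES:
        # Some vaults store the key id in the username field, so check both.
        if pattern.match(secret) or pattern.match(user):
            f.reasons.append(f"secret shaped like {name}")
    # A credential with no human username is usually a bearer token or API key.
    if not user and secret:
        f.reasons.append("no username (bearer-style credential)")
    if AUTOMATION_WORDS.search(text):
        f.reasons.append("automation keywords in title/notes")
    return f


def triage_export(csv_text: str) -> dict:
    """Split an export into NHI candidates (migrate) and human logins (keep)."""
    reader = csv.DictReader(io.StringIO(csv_text))
    findings = [classify_entry(row) for row in reader]
    return {
        "migrate": [f for f in findings if f.is_nhi],
        "keep": [f for f in findings if not f.is_nhi],
    }


def migration_report(csv_text: str) -> list:
    """One line per candidate, suitable for a secret-manager migration ticket."""
    return [f"{f.title}: {'; '.join(f.reasons)}"
            for f in triage_export(csv_text)["migrate"]]


if __name__ == "__main__":
    for line in migration_report(SAMPLE_EXPORT):
        print("MIGRATE", line)
    for f in triage_export(SAMPLE_EXPORT)["keep"]:
        print("KEEP   ", f.title)
```

Run against the sample export, the four service-style entries (database service account, AWS key, GitHub token, Slack webhook) land in the migrate list with the heuristic that caught them, while the two personal logins stay. Treat the output as a review queue, not a verdict: the second half of the mitigation, moving each flagged secret into a secret manager with scoped access policies and deleting it from the vault, still needs an owner for every entry.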
Playbooks in Clutch
110