Techniques for credential auditing

摘要

Techniques for credential auditing are provided. Histories for credentials are evaluated against a principal credential policy for a user and an enterprise credential policy for an enterprise as a whole. An audit trail is produced within a report for the histories. The report indicates whether compliance with the principal and enterprise credential policies occurred and if not at least one reason is provided as to why compliance was not met within the histories.

主权项

1. A system comprising:
one or more processors; and a memory coupled with and readable by the processors and storing therein a set of instructions which, when executed by the processors, cause the processors to:
provide a password management service maintaining passwords for users of an enterprise along with histories for the passwords for the users within a secure enterprise environment, each password history comprising a log of previously used passwords for the user, wherein each password represented in the password history is replaced with substitute text masking the password, and wherein the password management service does not permit the passwords to be exposed outside the secure enterprise environment, andprovide a password audit service interacting with the password management service, the password audit service receiving a request to audit the passwords, inspecting the password histories without accessing the passwords, performing the audit for the passwords for compliance with a policy without accessing the passwords, and generating reports, based on said auditing, to demonstrate whether particular users have complied or not complied with the policy, wherein the report masks the passwords and includes an indication as to whether the password complies with the policy and, when non-compliance is detected, a reason for the non-compliance.