Privileged Password Policy with Thycotic

From an attacker perspective, gaining control of privileged accounts remains the Holy Grail. Using a privileged account, an attacker can not only wreak havoc within a company, but also cover its tracks to make it near impossible to detect until it’s too late.

Thus adequately securing and monitoring the use of privileged accounts is a high priority for many companies.

Washington DC-based Thycotic Software was founded in 1996 and offers privileged account management, end user password reset and self-service AD group management through its three offerings – Thycotic Secret Server, Thycotic Password Reset Server and Thycotic Group Management Server respectively.

Privileged Password Policy

From a buyer perspective, there is no shortage of privilege password vendors to choose from, such as CyberArk, BeyondTrust, CA, Centrify, Lieberman Software, Osirium, Xceedium and others.

However, often time, the main challenge companies face doesn’t necessarily come from the technology implementation – rather from the policy and procedural side. Without a robust policy, the technology itself can remain an under-utilised tool.

To help address the challenge faced by many enterprises, Thycotic has released a free privileged password security policy template. The template is based on best practice standards such as SANS, NIST and GLBA amongst others and is downloadable as an editable MS Word document.


In the pursuit of bigger and better technological advances, it is easy to lose sight of the basics. When we look to breaches in recent history, it’s rarely a highly sophisticated attack that is utilised. Rather, relatively basic attack vectors are utilised and are often successful because a company doesn’t have the right people or procedures in place. As such, giving away a free policy template, Thycotic has the potential to benefit its current and potential customers – particularly in the mid-sized market more in the long run than by enhancing its product alone could achieve.