IT staff often use generic login IDs, such as root on Unix, Administrator on Windows and sa on SQL Server to manage systems. These IDs have the highest privileges but are not directly connected with people. As a result, access to sensitive systems and data by IT staff is not traceable to them individually, creating a gap in accountability.

For example, there may be an audit trail showing that someone used the Administrator account to read an HR file, but there may be no indication as to which of several authorized IT users actually accessed the file.

• Privileged Password Manager randomizes administrator passwords frequently -- in a typical deployment, this is done daily.
• IT staff do not know the current password, so must sign into Privileged Password Manager to get it.
• Privileged Password Manager discloses sensitive passwords for a short period of time and re-randomizes passwords when the time elapses.
• This process reduces the number of people who could have performed sensitive actions on a given system at any given point in time to just those to whom the password was known at that time.
• Privileged Password Manager can be configured to limit the number of people who simultaneously know a password -- for example, to just one.

Privileged Password Manager records and discloses information about every administrative login, to every system.