How Credential Management Store works#This methodology utilizes a secure storage area where credentials are kept for all or most of the applications. The user authenticates to the credential store and a client-side agent then supplies the credentials to the individual applications or platforms.
This solution requires a client-side agent, or service manages credentials on behalf of the user. When access is required to a specific system, the front-end agent, or service then passes the appropriate credential through to gain the required access.
The client-side agent may also manage password changes such that they are consistent CSO, according to a chosen policy, across systems.
Disadvantages#Though credential management store is a valid methodology, the follwoing are considered drawbacks:
- The requirement of a client-side agent requires client-side management which could be difficult within large environments.
- Although credential management store does maintain different passwords among the different applications and platforms, the solution still has the "Keys to the Kingdom" threat where if a users password to the credential management store is discovered.