.png)
What happened:
IT Glue customers received multiple emails over the past couple of days indicating an enforcement of MFA and later a mandatory rotation of tech login credentials. We have copied the information and instructions from IT Glue below and strongly recommend all IT Glue users to follow the instructions immediately, resetting all login passwords and MFA.
IT Glue has publicly stated there has not been a compromise and we have reached out to Kaseya’s security team directly for additional updates on this matter. Our IT Glue integration does not have write access to any Quickpass systems and we have no reason to believe any Quickpass systems are affected.
IT Glue has already sent out email communications about enabling MFA on Wednesday October 5th and a mandatory password reset of your IT Glue login on Saturday October 8th.
What we recommend to harden your ITG instance:
At Quickpass Cybersecurity we’re here to help our partners take steps to harden their IT Glue instance and protect their customers’ privileged accounts. We recommend all Quickpass customers using IT Glue to take the following actions in your IT Glue tenant. In addition, we remind partners to use Quickpass Q Guard to help rotate your privileged account passwords. Please rest easy that there are no issues at Quickpass and the below recommendations are provided to help shared partners harden and further protect their privileged accounts.
Step 1: Reset your IT Glue tenant login password. Make it long, such as 30-40 characters, as longer passwords protect you better than complexity. Store the new password in a password manager outside of IT Glue.
Step 2: Enable MFA enforcement on your IT Glue tenant. Once complete, login to your IT Glue tenant and set up MFA using an Authenticator app on your smartphone. Avoid using one time pass codes with your password manager for added security.
Step 3: Enable IP restrictions (if able to). IT Glue allows the ability to enable IP restrictions on your tenant which you can add approved public IP addresses that are permitted to login to the dashboard and also approved for any integrations such as API keys. Support page:
- Caution: If you enable make sure you collect all the public IPs for each integration you have including Quickpass before you enable this.
Step 4: If you are already a customer of Quickpass you can login to your Quickpass tenant and trigger an on-demand password rotation of all your privileged Active Directory, Office 365 and Local admin accounts. These will rotate immediately and update the password in IT Glue as a part of the process.
Support page:
If your rotations are already scheduled to run automatically every day then these rotations will happen without any intervention.
Note: If your still in the process of on-boarding Quickpass please contact support at support@getquickpass.com and we’d be happy to assist.
What we recommend if you would like to migrate your credentials to the Quickpass Vault:
If you wish to separate your passwords from your documentation tool and migrate to the Quickpass Vault, you can contact Quickpass support at support@getquickpass.com to enable the Quickpass Password Vault and to assist with migrating your passwords to Quickpass directly.
We understand that many Q Guard users have the majority of their technicians accessing credentials through IT Glue. Those same technicians may not be licensed to use Q Guard, thus, limiting access to the Quickpass Vault to only a small portion of your technical team.
To address this situation, we will not be charging IT Glue customers who wish to migrate technicians to the Quickpass Vault for additional technicians until January 1st, 2023. To be clear, affected users may add additional technicians at no cost for the rest of 2022 provided you let us know you are migrating from IT Glue to the Quickpass Vault for password storage.
If you have any questions please feel free to reach out to us at support@getquickpass.com.
Sincerely,
The Quickpass Team
