In the previous article, we discussed why password management continues to be one of the toughest cybersecurity challenges in Operational Technology (OT) and Industrial Control System (ICS) environments. Legacy systems, ongoing operations, vendor dependencies, and safety requirements all contribute to situations where traditional IT identity controls struggle to function effectively.
Despite these limitations, enhancing password and credential management in OT environments is possible. The key is recognizing that the solution isn’t to impose IT-style controls on every device within a control network. Instead, successful organizations focus on architecture, access pathways, and compensating controls that lower credential risk without disrupting operations. Rather than attempting to retrofit modern identity frameworks directly onto fragile industrial systems, effective OT security programs emphasize managing how access first reaches those systems.
The following methods have been proven to be both practical and effective in real-world OT environments.
Why “Just Use MFA” Isn’t the Answer
When password management vulnerabilities are identified, a common response is to suggest multi-factor authentication (MFA). In enterprise IT settings, MFA is among the most effective defenses against credential theft.
In OT environments, however, the situation is more complex. Many industrial devices simply do not support MFA. Legacy controllers, HMIs, safety systems, and field devices were never designed to work with modern authentication systems. Forcing MFA onto these systems can cause instability, compatibility problems, or operational delays.
Additional challenges include:
- Legacy devices that do not support modern authentication protocols
- Service accounts that cannot interact with MFA prompts
- Shared control-room workstations where multiple operators rotate shifts
- Emergency response situations where authentication delays could slow critical actions
For these reasons, applying MFA to every device in an OT network is rarely practical and can often be counterproductive. This does not mean MFA has no role in industrial cybersecurity; it simply should be implemented strategically at the right architectural layers.
What Actually Works in OT Password Management
Organizations that successfully enhance credential security in OT environments rarely try to fix the problem at the device level. Instead, they focus on cutting down the number of entry points into the control system and implementing stronger identity controls at those access points.
This architectural approach enables organizations to enhance authentication without disrupting legacy systems. Several practical strategies reliably work in industrial environments.
Use Jump Hosts and Bastion Architectures
One of the most effective ways to improve credential management in OT environments is to centralize access through jump hosts or bastion architectures.
Rather than applying identity controls individually across every PLC, HMI, or engineering workstation, organizations require that all interactive access pass through a controlled intermediary system.
This intermediary becomes the enforcement point for identity and security controls.
In this model:
- Users authenticate to the jump host first
- MFA is enforced before access reaches the control network
- Sessions are logged and recorded
- Access can be monitored and terminated if necessary
By funneling access through a bastion layer, organizations can:
- Enforce strong authentication policies
- Capture detailed logs for investigations
- Monitor vendor activity
- Apply security controls without modifying fragile OT devices
Most importantly, this approach improves security while preserving the stability and deterministic behavior of industrial systems.
Fix Vendor Access First
Vendor access is often one of the highest-risk credential pathways in OT environments.
Vendors require access to troubleshoot equipment, apply updates, and restore systems during outages. Because of this operational dependency, vendor credentials frequently bypass normal internal workflows.
Without proper controls, vendor accounts can become long-term backdoors into critical systems.
Organizations can significantly reduce this risk by implementing stronger controls around vendor access, including:
- Time-limited credentials instead of permanent accounts
- Approval workflows before remote sessions begin
- MFA enforced at remote access gateways
- Session monitoring and recording for accountability
By addressing vendor access first, organizations can quickly reduce one of the most common and impactful credential risks in OT environments.
Treat Legacy Devices with Compensating Controls
Many industrial systems cannot support modern password management features. Attempting to enforce complex identity controls directly on these devices may create operational risks.
Instead of forcing incompatible security controls onto legacy devices, organizations should implement compensating controls around the device.

Image 1 – Struggles with Password Management in Legacy OT
Devices often lack the features required for modern password management. For reasons like those shown in Image 1- Struggles with Password Management in Legacy OT.
Compensating controls may include:
- Isolating devices within tightly controlled network zones
- Monitoring network traffic for abnormal behavior
- Restricting which systems are allowed to communicate with the device
- Documenting and formally accepting residual risk
This strategy acknowledges the limitations of legacy infrastructure while still reducing the risk associated with credential compromise.
Define Emergency Access Explicitly
Emergency access is a legitimate operational requirement in industrial environments. Equipment fails, communications are lost, and operators sometimes need immediate access to stabilize or restore a process.
The problem is not emergency access itself.
The problem occurs when emergency access is informal, undocumented, or widely shared without accountability.
Organizations should define clear “break-glass” procedures that specify:
- Who can authorize emergency access
- When emergency access may be used
- How access activity is logged
- How the event is reviewed afterward
Emergency access should be:
- Documented
- Audited
- Periodically reviewed
- Available when needed, but never informal
Break-glass access can be a legitimate operational control when it is intentionally designed and monitored.
Where MFA Actually Works
These architectural approaches all share a common principle: reduce the number of places where authentication takes place and focus identity controls at predictable access points. Once access paths are secured and legacy systems are protected with compensating controls, organizations can begin improving authentication at those entry points. One of the most effective tools for this purpose is multi-factor authentication when it is implemented in the right places.
Although multi-factor authentication (MFA) cannot always be directly applied to industrial devices, it remains one of the most effective methods of identity protection available in OT environments when implemented properly. Many organizations mistakenly try to apply MFA to every endpoint in the control network. Legacy controllers, HMIs, and safety systems were rarely designed to support modern authentication methods, and forcing MFA on these systems can lead to instability or operational delays. A better strategy is to implement MFA at access points, where users initially interact with the OT environment. Essentially, safeguard the entry points to the control system rather than every device within it.
When MFA is implemented at these key architectural points, organizations can greatly improve authentication without the need to alter delicate field devices. The following locations are usually the best spots to deploy MFA in OT environments.
Remote Access Gateways
Remote access is one of the most common entry points into OT environments. Engineers, vendors, and support personnel often connect from corporate networks, vendor facilities, service laptops, or mobile devices to diagnose problems or restore systems during outages. Without strong authentication controls, a stolen password can give direct access to the control network. Implementing MFA at the remote access gateway ensures that credentials alone are not enough to gain entry. The authentication challenge occurs before the user reaches OT assets, meaning attackers must bypass multiple identity checks before reaching sensitive systems.
Because MFA enforcement occurs at the gateway, legacy devices within the control network are unaffected. This method enhances authentication while maintaining the stability of industrial systems.
Jump Servers and Bastion Hosts
Jump servers and bastion hosts offer an excellent location for MFA enforcement. In many OT environments, users already connect to the control network via a centralized access host before reaching individual systems. By enforcing MFA at the jump server, organizations can focus identity verification in a single, controlled point. Users authenticate to the bastion host first, and only after passing MFA can they access HMIs, engineering workstations, or other OT systems.
This method provides several benefits. Authentication events are centralized, which simplifies monitoring and auditing. Sessions can be logged and recorded, offering clear visibility into activity within the control network. Most importantly, security controls are applied at the access layer instead of on fragile devices that might not support modern identity technologies.
Vendor Access Portals
Third-party vendors pose one of the greatest risks as an entry point in OT environments. Vendors often require elevated privileges to troubleshoot equipment, upload firmware updates, or assist with system recovery during outages. Because these activities often occur during urgent operations, authentication controls are sometimes relaxed to avoid delays in support. This can result in vendor credentials remaining active indefinitely or being shared among multiple individuals.
Implementing MFA at vendor access portals provides a strong safeguard against these risks. Even if a vendor password is compromised, attackers still need to bypass the additional authentication factor before gaining access. When combined with approval workflows, session monitoring, and time-limited credentials, MFA significantly reduces the risk that vendor accounts become long-term backdoors into critical infrastructure.
Engineering Workstations
Engineering workstations are some of the most powerful systems in OT environments. These systems can upload control logic, change configurations, and communicate with multiple controllers across the network. Because of their high privileges, engineering workstations are attractive targets for attackers trying to manipulate industrial processes. Unlike many field devices, however, engineering workstations usually run modern operating systems that support MFA technologies without causing operational instability.
Applying MFA to these systems provides an extra layer of protection against credential theft. If an attacker steals a password through phishing, malware, or credential reuse, the additional authentication factor can block unauthorized access to tools that can modify the control system itself.
Bottom Line
Improving password management in OT environments isn’t about forcing IT-style policies on industrial systems. Industrial control systems face limitations that enterprise security frameworks weren’t designed to handle. Legacy devices often lack up-to-date authentication features. These systems usually run continuously with minimal downtime. Safety concerns often outweigh strict security measures. Vendors depend on predictable access methods to support critical infrastructure. Because of these reasons, effective OT credential management requires a different approach.
Successful organizations focus on architecture rather than perfect endpoint security. They reduce credential exposure by controlling access routes, enforcing strong authentication at critical points, and using compensating controls when legacy systems can’t support modern identity frameworks. When password management fits industrial operational realities, it stops being a productivity obstacle and instead becomes a key part of building safer, more resilient systems.
At Enaxy, we assist organizations in modernizing authentication and access control in OT environments without disrupting operations. Instead of imposing IT-style controls on industrial networks, we collaborate with engineering and operations teams to create solutions that balance security, safety, and operational continuity.If you’re looking to improve credential security in your OT environment while ensuring reliability and uptime, contact Enaxy at info@enaxy.com.