Privileged passwords are a manageable problem that can be solved in weeks or months. Identity management for all users is a massive undertaking that can stretch out for years. When all privileged passwords are changed, some people lose access they’ve always had. Privileged Session Manager can be configured to act as a sort of single-sign-on portal for servers. Many vendors offer unique features that do more to control access to privileged accounts. For example, Cyber-Ark’s just-announced Privileged Identity Management Suite version 5.0 will include the option of creating passwords that aren’t presented to users.”]
Source: https://www.darkreading.com/attacks-breaches/top-down-password-protection