When management meddles with passwords

password stock image

There’s a password discussion ongoing today in the section of Reddit populated by system administrators and it was prompted by this lament:

I work in sales now, and I was a former Network Administrator. Today I got an email from management that is asking everyone for their recently changed domain passwords (apparently this is a common practice for the company).

This immediately throws up a red flag to me as the last thing I want to do is email/send/distribute my Domain password to someone else. Management or IT. I went to management and explained the security risks with storing everyone's passwords …

His warning apparently went unheeded.

The ensuing discussion was predictable in that everyone agreed that what management was asking for is crazy from a security standpoint, not to mention a legal one.

Somewhat surprising, however, were the reports that this is not an isolated case … or even rare. From another participant:

In smaller shops it is pretty common. I know a lot of places that do this or just assign users passwords. Hell a lot want everyone’s to be the same. We had a client get angry that someone was in another user’s email and demanded to know how it could happen. I pointed out that we had multiple talks and emails about this and if everyone’s password is the same then anyone could log in as anyone else. They finally took the hint.

Assign everyone the same password? Now that’s one I hadn’t heard.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.