Conversation
Notices
-
What's the point of personal user accounts, if everyone knows all the passwords.
I just encountered this situation. I'll be blogging about this when the project is over, but I can't go into any details right now. But the question remains very valid. Why?
Before anyone asks:
1) No there's no 2FA.
2) You can't change your personal password.
3) All you need to access the system is username and password
Conclusion: If my personal account is closed for whatever reason, I can use any other account just as well.
Only good thing I find about this case, is that the pre-assigned passwords are proper, and not something like defaultpwd or so. I'm sure we've all seen those.
#personal #password #management #user #identitymanagement #security #absurd #funny #strange #it #sysadmin #infosec