Big Brother is watching you
Managing administrative passwords is a taboo area and one that keeps IT directors awake at night, says Calum Macleod
We’ve all heard the term ‘administrative passwords’. These are the ‘super power passwords’ that sit behind every workstation – it’s the password that once you know it you have access to the network and have the power to change anything and everything and to watch what everyone is up to.
You can indeed assume their identity and manipulate their every move.
Behind every PC lies a super power password; when you forget your own personal password you rely on an IT person to log you back on. How many people in your organisation know the super power password?
This is one of the biggest concerns most organisations have. It’s a big taboo and a subject that puts the shivers down most IT directors’ spines, and many just don’t know how to solve the problem.
It means that if you are the chairman of a large corporation, everything you do can be watched and monitored by all those who know the super power password. They’ll know how much the chief executive is being paid, what his bonus is, what web sites he’s visiting, they’ll be able to see his emails, find out about his personal affairs, know what’s happening to the share price way ahead of anyone else. Anyone will be able to read every bit of confidential information that is communicated or stored on the network if they know the password.
A recent survey into super power passwords found that approximately one half of all enterprises have more administrative passwords than individual ones, and up to 42 per cent of these super power passwords are never changed.
What’s really worrying about these figures is that once you’ve got the super power password, the chances are that even if you leave you’ll still be able to access the system, as they just don’t get changed. If you feel like being malicious towards the company, the best way of destroying it is to use the super power password. You can do any amount of damage once you’re into the network.
So next time you think of the IT guys as the anorak brigade who do the techie stuff and little else, think again – they’re really the Big Brother in your organisation. If this scares you, then think seriously about managing your administrative passwords and put in the right practices and policies so you know exactly who is in control.