The evil Super Admin Password

So you’ve survived a disaster, fire or other adverse event, and you need to shift staff home to work because the office is a pile of smoking rubble. Their PC’s from work are by a stroke of luck usable, and they’ve got broadband. Two thumbs up there.

But about that printer driver you need… It requires admin rights. The domain controller, well it’s at the bottom of a crack in the earth, or in the IT guys garage.

No problem, log in as Administrator, give the local user admin rights, and you’re in business. Oh, they’re an hours drive away, and you didn’t have the fore-sight to install and test a remote control tool.

This is about where you discover why having a single administrator password that is re-used for multiple purposes in the business is considered poor practice. Or, in layman’s terms: down-right silly.

To get the accounts clerk printing, and the receptionist able to configure the network card you’ve now got to give away your precious uber-password over the phone. The kitchen staff can now access skype, but they can also access your bank accounts, the encryption keys for your VPN, the payroll system and the cleverly protected documents with the formula for your world beating popcorn recipe.

You know they will write it on a post-it note and stick it to the fridge, but it beats driving 50k’s across town to fix a 5 second problem… Deal with the fall out later.

So, how many places do you re-use the same passwords? And after the last major outage, did your IT staff have to give it up to the cleaner so he could access Ebay and not tell anyone for fear of having to change the uber-password in 300 hundred different places?

This is part of a series of articles that have come about from my experience in shifting the IT operations for a business after the recent destructive earthquake in Christchurch, New Zealand.