I manage networking equipment for customers. It is fairly standard practice to make all the devices for each customer use the same 'privilege/enable/root' password. Without that all set the same, automation and scripting loop processes become exponentially more difficult. We do, however, use TACACS to get into most things, and that changes monthly for each user.
Write it down on a piece of paper.
Put it in a safe and/or a really dirty / undesirable location that people would be naturally averse to checking.
We are talking thousands of accounts and passwords and machines in a corporate environment. Paper is not practical and surely violates company policy.
If you write a password down on paper in my network and I find out, you don't get a second chance: your access is revoked and you will no longer be employed.
xkcd #936 (https://www.xkcd.com/936/)
To anyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize.
Best practice is to use 3 factor authentication with a single central authentication server. If your organization isn't large enough for that to be financially practical, the next best practice is to use keys not passwords.
QFT
What example password does Davkol recommend?
Does the fact that commonly people only know about 10,000 to 20,000 words make a difference?
It is difficult to securely manage access to thousands of privileged accounts? In our organization, I noticed that the passwords to server privileged accounts are often the same on many systems and rarely (if ever) changed. Are there several technological approaches to more securely manage server privileged passwords?
allineedislove
ilovemySister31,
all of the lights
ilovetofunot
iloveyousomuch
iloveyousomuch
What's the probability of choosing those words in that order randomly?
You didn't say how you were accessing them.
I manage several BSD servers and many vSphere VMs.
Best practice is to use 3 factor authentication with a single central authentication server. If your organization isn't large enough for that to be financially practical, the next best practice is to use keys not passwords. I mostly use SSH so it has that built in. There are plenty of tutorials on this and a Google search will get you what you need.
If you are in a Windows environment then a central authentication server is really mandatory. Then you need to implement password procedures such as changing passwords weekly and access control lists. As long as things are set up properly you don't need to pass out administrator passwords on the machines to everyone. Unfortunately Windows is by far the most expensive and tedious.
With OSX and Apple workstations and servers it's far easier. They have a nice simple GUI that lets you configure Kerberos access to any machine or server as long as each machine and server is a Mac or supports Kerberos. Most *nix OSes can be set up with Kerberos. I do not know how to set up 3 factor authentication on OSX Server or if it is even possible.
I don't know if any of this helps; if not, provide some additional details and we can go from there.
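Added example, not part of the thread: a check that an OpenSSH `sshd_config` really enforces the "keys not passwords" advice above, including the case where a `Match` block quietly turns passwords back on. The function name and the sample configurations are constructed for illustration; the keyword names and defaults are OpenSSH's.

```python
# Added example, not from the thread. Keyword names and defaults are OpenSSH's;
# the sample configurations are constructed. Include files are not followed.
DEFAULTS = {  # values sshd applies when a keyword is absent
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated alias still common in older files.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_LIKE = ("passwordauthentication", "kbdinteractiveauthentication")


def key_only_findings(config_text):
    """Return the reasons this sshd_config still permits password-style logins."""
    global_opts, overrides, match = {}, [], None
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"')
        if key == "match":
            match = value  # following lines apply only when this condition matches
        elif match is None:
            global_opts.setdefault(key, value.lower())  # first value seen wins
        elif key in PASSWORD_LIKE and value.lower() == "yes":
            overrides.append(f"Match {match}: {key} re-enabled")
    opts = {**DEFAULTS, **global_opts}
    findings = [f"global: {k} is {opts[k]}" for k in PASSWORD_LIKE if opts[k] != "no"]
    if opts["pubkeyauthentication"] != "yes":
        findings.append("global: pubkeyauthentication is disabled")
    return findings + overrides


WEAK = "PermitRootLogin yes\n"  # constructed: relies on sshd defaults
HARDENED = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""
# Constructed: hardened globally, but a Match block turns passwords back on.
OVERRIDDEN = HARDENED + "Match Address 192.0.2.0/24\n    PasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED), ("overridden", OVERRIDDEN)):
        print(name, key_only_findings(text) or "key-only")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative source; this parser is for reviewing files collected from many machines.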