printer friendly version

Super power passwords: the threat from within

We have all heard the term 'administrative passwords' these are the `super power passwords' that sit behind every workstation – it is the password that once you know it you have access to the network and have the power to change anything and everything and to watch exactly what everyone is up to.

You can indeed assume their identity and manipulate their every move.

Behind every PC lies a super power password, when you forget your own personal password you rely on an IT person to log you back on. How many people in your organisation know the super power password? This is one of the biggest concerns that most organisations have - they just do not know how many people know the super power password. It is a big taboo and a subject that puts the shivers down most IT directors' spines and many just do not know how to solve this problem!

It means if you are the chairman of a large corporation everything you do can be watched and monitored by all those who know the super power passwords. They will know how much the CEO is being paid, what his bonus is, what websites he is visiting, you will be able to see his e-mails, find out about his personal affairs, know what is happening to the share price way ahead of anyone else, in fact every bit of confidential information that is communicated or stored on the network you will be able to read if you know the super power passwords! For those really nosey IT staff they will be able to know what everyone is being paid in their company and if you want to know all the gossip in the company then it is these IT guys you ought to collar as they are often the most powerful people in the organisation - they can indeed alter the entire course of the company!

A recent survey by Cyber-Ark into super power passwords found that approximately 50% of all enterprises have more administrative passwords than individual ones and up to 42% of these super-powerful passwords are never changed! What is really worrying about these figures is that once you have got the super power password the chances are that even if you leave you will still be able to access the system as they just do not get changed. If you feel like being malicious towards the company the best way of destroying it is to use the super power password and you can do untold damage once you are into the network.

So next time you think of the IT guys as the anorak brigade who do the techie stuff and little else, think again – they are really the big brother in your organisation. If this scares you then think seriously about managing your administrative passwords and put in the right practices and policies so you know exactly who is in control.

Share this article:

Further reading: