Skip to main content

Super Power Passwords - Protecting Your Keys to the Kingdom

We've all heard the term "Administrative Passwords" these are the "Super Power Passwords" that sit behind every workstation - it's the password that once you know it you have access to the network and have the power to change anything and everything and to watch exactly what everyone is up to.

You can indeed assume their identity and manipulate their every move.

Behind every PC lies a Super Power Password, when you forget your own personal password you rely on an IT person to log you back on. How many people in your organisation know the Super Power Password?

This is one of the biggest concerns that most organisations have - they just don't know how many people know the Super Power Password. It's a big taboo and a subject that puts the shivers down most IT Directors' spines and many just don't know how to solve this problem!

It means if you are the Chairman of a large corporation everything you do can be watched and monitored by all those who know the Super Power Passwords.

They'll know how much the CEO is being paid, what his bonus is, what websites he's visiting, you'll be able to see his emails, find out about his personal affairs, know what's happening to the share price way ahead of anyone else, infact every bit of confidential information that is communicated or stored on the network you'll be able to read if you know the Super Power Passwords.

For those really nosy IT staff they'll be able to know what everyone's being paid in their company and if you want to know all the gossip in the company then it's these IT guys you ought to collar as they are often the most powerful people in the organisation - they can indeed change or alter the entire course of the company.

A recent survey by Cyber-Ark into Super Power Passwords found that approximately one-half of all enterprises have more administrative passwords than individual ones and up to 42% of these super-powerful passwords are never changed.

What's really worrying about these figures is that once you've got the super power password the chances are that even if you leave you'll still be able to access the system as they just don't get changed.

If you feel like being malicious towards the company the best way of destroying it is to use the super power password and you can do untold damage once you're into the network.

So next time you think of the IT guys as the anorak brigade who do the techie stuff and little else think again - they're really the big brother in your organisation. If this scares you then think seriously about managing your administrative passwords and put in the right practices and policies so you know exactly who is in control.