It can be difficult to securely manage access to thousands of
privileged accounts. Consequently, in many organizations,
the passwords to privileged accounts are:
- known to many people, possibly including former staff,
- often the same on many systems,
- rarely, if ever, changed, and
- stored in plaintext, by people and by applications.
There are serious consequences to these password management
- There is no accountability for use of shared, privileged accounts.
This is both a security and regulatory compliance problem and
an obstacle to diagnosing operational problems.
- Former staff may retain sensitive access.
- Attackers have an easier time compromising these dangerous accounts.
- If one system is compromised (e.g., an IT user's PC or an application
server), the attacker can leverage passwords stored or typed on that
system to compromise additional systems.