Re: Experimental data
"It may even be that the small cost of having a single password across a long-lived range of equipment is far outweighed by the savings and speed for maintaining it or having to call someone in when you've changed the password and subsequently forgotten it."
The critical passwords should be unique to your organisation, if they are routinely used then they should be routinely changed, and current password should be securely stored where it will be accessible to company officers if they need it (like in a sealed and signed envelope kept in a safe).
A long lived password that's known to many, especially outsiders, is a recipe for disaster; and try explaining it to your insurance company when you do get robbed...
Biting the hand that feeds IT
