Reply to post:

OneLogin breached, hacker finds cleartext credential notepads

LDS Silver badge

Just another way to use Excel instead of a proper database.... which at least usually has better access control.

Anyway it's funny people still fail to understand "shared logins/password" are baaaaaaad (and just plainly lazy). Each and every user must have its login/password pair. It makes accountability clear, it allows for revoking access easily, it allows for more granular permission (not everybody needs full privileges).

"Disaster recovery" is a different issue. Your boss may want to have a "disaster recovery" account stored safely somewhere if something happens to each and every authorized people. Still, this disaster recovery account must be one separated from all the others, and never used for everyday use.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2019