General discussion

Locked

Generic Login

By ITDept1 ·
What do you think about "generic" login for networks? Generic meaning one login id and p/w for a group of people to use. Is this a common practice and do you consider your network at risk by doing so?

Update: The generic login would not be for IT staff, but for facility users (like factory users).

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Bad bad bad and bad...

by LarryD4 In reply to Generic Login

You eliminate all ability to detect who has done what with a generic login.

Its a huge security hole.

It is not common practice in any IT office I have ever been in and your opeing yourself and your department to risks and blame for things you don't want to be responsible for.

Collapse -

Also, it's bad.

by CharlieSpencer In reply to Bad bad bad and bad...

IT personnel should have a minimum of two accounts. One is a basic user account to deal with all the day-to-day activities they have in common with normal users: web surfing, e-mail, document creation, etc. The second (and additional) account is for tasks requiring administrative privileges on a a network, database, server, etc. None of these should be shared with other IT staffers.

If you use shared accounts and you have to fire someone with extreme prejudice, you've got a security hole to that can be difficult to close.

I have two generic user accounts, neither of them in use by administrators. One is for factory floor employees to access our intranet and some read-only data. The other allows visitors to access the Internet, and that's all it does.

Collapse -

That is the same as we practice

by Darryl~ Moderator In reply to Also, it's bad.

We only have 2 different generic accounts a 2 remote locations (1 each). It is very restricted with the Internet also locked down tight. It is used by summer students doing grounds work and some public utilities employees who don't have network accounts...it's only used during thier lunch hours & doesn't have any IM software or social networking sites permitted through policies & firewalls.

We also have 1 computer in the DMZ that the public has access to, we have C@P sites here which are funded by government/charity designed for those travelling or residents without computer access of their own. This has DeepFreeze on it and is restored upon reboot. It has IM software, Facebook, etc.

Network Admins have 2 accounts used by the reasons you stated.

Collapse -

Bad idea.

by boxfiddler Moderator In reply to Bad bad bad and bad...

I don't do that with my home computers. :0

Collapse -

Agreed....either do we (nt)

by Darryl~ Moderator In reply to Bad idea.
Collapse -

Generic food/drugs = good

by NotSoChiGuy In reply to Generic Login

Generic logins = muy mal!!!

Is it a common practice---probably more so than it should be.

Is your network at risk--most definitely; if for no other reason that it makes tracking down the 'root cause' all the more difficult.

Personally, generic ID requests seem to be a way to circumvent security or licensing. I won't have any part in either.

Collapse -

A lot will depend on what they will do on the system.

by Deadly Ernest In reply to Generic Login

For the input of data, it's not a good idea as you need to know who put what in and when, thus personalised log ins are needed.

For the checking of information and data, then it's extremely useful and time saving.

You need to assess the security risks and the need to track activity to make a decision.

Collapse -

What do they have access to?

by jdclyde In reply to Generic Login

it gets to the point of asking why bother with a login in the first place if there is no accountability?

Lock it down and then leave it open if there is nothing that can be abused, and user accountability is not a requirement.

Collapse -

That's essentially what you use a generic log in for, but

by Deadly Ernest In reply to What do they have access ...

you still have one so the system can be secured over night and other times the work place is empty of staff - this stops cleaners and burglars etc from accessing the system at night.

Collapse -

Upon further review,

by CharlieSpencer In reply to Generic Login

My original post was up before ITDept1 update his. Now that I know the question regards factory users, I've changed my answer.

I use generic logins on my factory floor computer. The users don't even know the password. I use a tool called AutoLogin, and it provides the credentials at boot-up. The password is 16 characters, with a mix of all four types. The account is restricted in Active Directory to just the factory floor computers, has no 'Change' access to anything, and can access the company intranet but not the Internet. It's not a member of Domain or Local Users groups.

Back to Networks Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums