General discussion


User password list

By dneustadt ·
I'm the IT administrator for a small company (30 employees) The person before my time kept a list of all the users passwords. That person has since been moved out of the admin role and into another, but still at the company. I've since changed the administrator password (of course) and forced a password change by all the employees. My question is: should I continue the policy of keeping a list of the users passwords? I can do this by assiging them password or having them choose their own and report it to me?


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

My thoughts

by Jeromey In reply to User password list

I can't think of any reason to save passwords. If a user forgets his/her password, you can manually reset it. If another user needs access to data, you can do that with permissions.

If you decide to keep a doc with passwords, password protect it and keep it on a location where you (or management) has access to it.



Collapse -


by R3D In reply to My thoughts

I don't think you would want a list like that around anyways. you can always disable or change the passwored to lock it and to get into the user account yourself, if you so needed. Why bother having something around that could "legally" remove responsibility from that individual should something happen from that account? IE. - said user "jdoe" is shown via audit as deleting important documents from a file share, (not likely, but possible). If it is known that this list exists, one could argue it was compromised and that the actual user jdoe may not be the resposible party to this act, he also cannot be "legally" held responsible for the incident. This is an actaul case, but I cannot go into detail; legally, heheh. Anyways, it's up to you if you want to take on that resposibility.



Related Discussions

Related Forums