
Do you use a universal password for client sites?

Nowadays there are thousands of IT companies and studios building websites. A site almost always has an admin panel, and the password for it is handed over to the client. Often the company also creates an internal account with its own password. The company's “own” account may have elevated privileges and the “client” account lower ones, but that is not important here.

It may be a project on RoR or a site on Bitrix; it does not matter. But there can be many clients. Some companies use one universal password for everything, simply to avoid remembering many different ones; others do not. In theory, the “shared” password approach can backfire badly: a former employee who knows such a password can cause a lot of trouble. Sometimes people invent a scheme for generating the password from the domain. But this does not solve the problem of the dismissed employee. And sometimes they simply keep everything in something like KeePass.
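The domain-based scheme and the dismissed-employee problem described above, as an added example that is not code from the original post. HMAC-SHA256 is an assumed construction, and the secrets, domains and function names are constructed for illustration; the audit shows that bumping a per-site version does not lock out someone who knows the master secret.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the secrets and client domains below are invented.
OLD_MASTER = b"constructed-studio-secret-2013"
NEW_MASTER = b"constructed-studio-secret-rotated"
DOMAINS = ["shop.example", "clinic.example", "blog.example"]


def derived_password(master: bytes, domain: str, version: int = 1) -> str:
    """Domain-based scheme: a pure function of the shared secret and the domain."""
    msg = f"{domain.lower()}|v{version}".encode()
    return hmac.new(master, msg, hashlib.sha256).hexdigest()[:20]


def independent_passwords(domains):
    """Password-manager style: one unrelated random password per site."""
    return {d: secrets.token_urlsafe(15) for d in domains}


def reproducible_from(current: dict, master: bytes, max_version: int = 5) -> set:
    """Offboarding audit: sites whose current admin password can still be
    rebuilt from `master` alone, checking per-site versions 1..max_version."""
    exposed = set()
    for domain, password in current.items():
        for version in range(1, max_version + 1):
            candidate = derived_password(master, domain, version)
            if hmac.compare_digest(candidate, password):
                exposed.add(domain)
                break
    return exposed


def audit_scenarios() -> dict:
    """Count of sites a leaver who knows OLD_MASTER can still reach, per response."""
    bumped = {d: derived_password(OLD_MASTER, d) for d in DOMAINS}
    bumped["shop.example"] = derived_password(OLD_MASTER, "shop.example", 2)
    remastered = {d: derived_password(NEW_MASTER, d) for d in DOMAINS}
    return {
        "version bump on one site": len(reproducible_from(bumped, OLD_MASTER)),
        "new master, all sites changed": len(reproducible_from(remastered, OLD_MASTER)),
        "independent random passwords": len(
            reproducible_from(independent_passwords(DOMAINS), OLD_MASTER)),
    }


if __name__ == "__main__":
    for response, exposed in audit_scenarios().items():
        print(f"{response}: {exposed} of {len(DOMAINS)} sites still exposed")
```

With the derived scheme, the only response that works is a new master secret, which means changing every client's password at once.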

Now I am addressing, first of all, those who build websites and web projects with administrative interfaces for clients. Attention, the question:



Source: https://habr.com/ru/post/188024/


