One thing I almost appreciated with my new big company is the need to use a hard password. They require you to use a 12 digit mixed case with numerics and you must change it every 12 months. A bit of a pain but I can appreciate the need for it.

However (you knew that was coming!) I’ve just discovered that each machine has an admin level account set with no password! Der, how secure is that? This is (I assume) to let support get access but to leave it blank? Maybe the logic is that even if it was set to a serious value then it would soon become well known and so pointless - but it would still be an improvement. A proper password hashed against the m/c serial number would be better.

Given the general efficiency round here it could just be the original account setup to allow config (these m/c’s arrive with user name accounts and passwords hashed against personal details so someone has set them up individually and we don’t use the Administrator account) and no one thought to remove it or give it a password.

As ever, it’s talk the talk, make the employees jump the hoops but at company level don’t even attempt to do it right.

So, have you checked your m/c - just nip into control panel, user accounts and see what accounts are there and if you don’t like them delete them or reset their passwords to something sensible.