Have you ever worked at a company during early stages? If so, it is possible that you know their secret internal password. Only a handful of people knew this password in the beginning. You custom created it and met all security requirements. It is longer than 8 characters. It includes upper case, lower case, numbers and special characters. It is easy to remember yet difficult to break in. It is only for internal servers and applications which are not production devices. Life is good.
But slowly and steadily it crept into other areas. One day you had to share it with an intern who was helping out on a critical task. Before you knew everyone in the company knew this password. To mitigate the risk, you created a more secure version of it. You added a few more characters to the same password.
One time when you were in a rush signing up at a website for a personal account you had to come up with a new password. The web site required one upper case, on lower case, one or more numbers and one ore more special characters. Guess what came to the top of your mind? Yes, your company’ secret password. It is not a big deal if you do it one time. You did that a few more times. Now it is all over the place.
Your password manager is blaring at you saying that you have 35 accounts with the same password ☹ . One day you read in the news that one of the sites where you used the company password got compromised. The hackers got away with all the passwords.
Now you are an IT manager at the same company. You took the resolution to clean it up all. But it is not easy as it seems. It is embedded is so many accounts including some critical integrations. You are worried if it will bring the production down if you change that password.
Sounds familiar?
