I just started to work for a company where the policy is for the IT department to keep a list of every user's password. I know that this is a bad policy, but how do I explain that to my boss? The rationale is that if they need to get into another user's machine, they would not need to reset that user's password. There has to be a good way to explain why maintaining a list of every user's Active Directory password is a bad practice and that there is a safer, simpler approach to solving that possible future problem.
Does the domain admin need a list of everyone's password?