"Richard" <qaz1521_at_hotmail.com> wrote in message news:<bsap6b$9ci$1$8302bc10_at_news.demon.co.uk>...
> I recently inherited a database with several hundred user accounts, each
> with a separate password. Each account needs to be accessed frequently by a
> number of operators in order to manage the database application. Security
> policies preclude the recording of passwords in an easily accessible format
> (e.g. writing them down). The passwords are changed regularly - sometimes by
> users who forget to tell anybody what the new password is!
>
> Chaos reigns supreme!
>
> There must be a better way to authenticate users. Does anybody have any
> opinions or suggestions? Hardware solutions, like biometric devices or smart
> card readers, are not an option due to cost.
> ...
One suggestion: is it possible to take a different approach to the
problem? It sounds like you have a number of people logging into the
the same accounts, so they have to share the passwords. Our own
security policies frown upon such "shared accounts". You said you
just inherited this mess, but if at all possible, can these operators
each have their own personal account for accessing the applications?
Then they are responsible for their own password, and you have the
individual accountibility that you don't have by sharing accounts.
And if that works, maybe these other accounts can be dropped, or at
least locked down, as long as no other processes need to log into
them.
--
Joe
http://www.joekaz.net
http://www.cafeshops.com/joekaz
Received on Tue Jan 13 2004 - 07:28:18 CST
