Hi Andrew, can you get me the password on x.o.com? I need access to the z database instance as well. - Bud
Now part of this is just vanity. I'm not supposed to be administering systems at all. But given a choice between my 30 minutes and forcing "Bud" through a few hours of interaction with overworked admins, I just go ahead.
But what is Bud asking for? Well, he probably wants the password for root on x.o.com, and for SYSTEM on instance z.
??? WHAT ???!!!???
Yup, that's the request. "It's just a development system, it doesn't matter if the password is disclosed. Anyway we're inside the firewall."
GAAAAAAA !!! ! !! !! !
Part of the exasperation, of course, is that those passwords require regular changing. Another part is dealing with multiple servers. I spent a few months banging around OracleVM templates, having to recreate users and passwords and keep track of which version had which password on which account. Combinatoric overload fried my brain.
But tossing around passwords among people is what really torments me.
When you send a password to someone through email, it never dies. It hangs around in a mail folder, stored in a disk file, or very frequently gets posted to a server.
It gets copied to equivalent servers. It gets used for new setups. The installer for your next release uses this password.
DumbBloke M. Oron @SchemaCzar did you say you have "stupid" as the SYSTEM and SYS #password for #FtMeade ?
SchemaCzar Andrew Wolfe @DumbBloke not any more, but it's still your password.
Because of this, passwords make me insane.
When you have a physical key to a physical lock, you can't email it and you certainly can't easily duplicate it. You can't tweet your brass Schlage key to the entire world. But computer users, even developers, treat a password as if it offered the same security.
Anything you can do to eliminate public or shared passwords in any system you administer - DO IT!