b3ta.com qotw
This is a question The B3TA Detective Agency

Universalpsykopath tugs our coat and says: Tell us about your feats of deduction and the little mysteries you've solved. Alternatively, tell us about the simple, everyday things that mystified you for far too long.

(, Thu 13 Oct 2011, 12:52)

Then they should use each person's logon with them sitting there.
Rule number one is you never give out a privileged password. I used to work as an admin and the only way I'd knowingly allow someone to test my access would be to check it whilst I watched.
I suppose another way to do it is to change the passwords of the affected accounts to ones known by the auditors for a brief window for testing and change them back afterwards. This, however, would require an air-tight contract to protect both the company concerned and the auditors.
(, Sat 15 Oct 2011, 0:12, 1 reply)
You're right about both.
Temporary passwords and sitting over the shoulder.

Truth be told, that type of testing should first take place in a sandboxed environment with test (not production) data.
(, Sat 15 Oct 2011, 0:23, closed)
