Please create an account to participate in the Slashdot moderation system


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Remove passwords (Score 1) 188

We removed all our passwords.
Sounds like a haven for misbehavior - depending, of course, on what everyone has access to. It also sounds like excellent incentive for your smartest people to leave.

Password-based authentication serves a purpose - it is a way to force you to prove that you are who you say you are (i.e. your username) . Then, in most cases, your username is tied to credentials, which determine which systems and data you have access to (access control). This way we differentiate between the CEO who has access to confidential or valuable company data such as payroll and accounts, vs. the receptionist who only needs to read a spreadsheet of phone extensions.

Now you have created a situation where the receptionist can sign on as the finance manager and walk away with the company's bank account. For that matter, the finance manager has plausible deniability too - "No, I didn't steal that money, anyone could have signed on with my username!"

If anyone in a position of responsibility were not worried about guarding their information, I would suspect them of criminal activity. (This has happened, too, where a manager gave employees his password, thus creating an environment where he could steal, and it could never be proven that he did it.) If you were championing such an idea, I would suspect you of collaborating in theft or fraud. If any such incidents happen at your workplace, you can bet that when the cops come, you'll be under that sixty-watt bulb in a concrete room.

Why don't you have everyone use the same user name? There is no way to differentiate, now, anyone can use anyone's username, so what's the point of having different usernames? For that matter, why even use a logon process? Your computers ought to just be open kiosks if that is your business need.

If you have any significant reason to differentiate usernames, then you have a reason to enforce them, and a reason to use passwords. Think about it.

Slashdot Top Deals

The price one pays for pursuing any profession, or calling, is an intimate knowledge of its ugly side. -- James Baldwin