A common use case within the identity life cycle management world, is what to do with shared and privileged accounts. Common accounts such as administrator, root, backup operator accounts and other delegated administration accounts, lead to a significant anti-pattern approach when it comes to password management. For example, many shared service or administration accounts....are just that: shared. Sharing a password is a very insecure method of account administration. This generally brings out several security issues: The password is generally none-complex in order for many users to remember it The sharing of the password is not tracked - people who shouldn't know the password generally do It's difficult to track who is actually using an account at any moment in time Whilst these issues are well known...they are still prevalent, and hence an entire sub industry focused on privileged account management (PAM). Whilst OpenIDM isn't a PAM product, some basic password checko
Recipes for Digital Identity & Security