Good point, John. I rarely see a default in a production environment anymore, but in sandbox and development environments...

I saw Matt Laurenceau posted about passwords today as well - https://plus.google.com/u/0/111882191091175150723/posts/42YkKdvjM1M?hl=en

Personally, I recommend using something like KeePass to generate and maintain passwords like this. It has functionality to set expirations and alert you to change them. It's better if there's an enterprise solution in place, but barring that, KeePass is a heck of a lot better than storing the passwords in a shared spreadsheet, using the same password over and over, or trying to remember your password after not using it for a month.

It's free/open source: http://keepass.info/ and there are browser integrations and various password generators.

Question for you - what does your SSO solution do that the OOB solution does not? (the one linked in your signature)

On Tue, Mar 12, 2013 at 12:55 PM, John Baker <[email protected]> wrote:

> Hello,
>
> I found this couple of paragraphs in an SSO Plugin newsletter and thought it was worth sharing.
>
> We see a lot of Mid Tier deployments and have noticed that the Mid Tier configuration password is almost never changed from the default value, arsystem. This poses a security risk, particularly when running a Mid Tier on the Internet - it doesn't take long to find a few public Mid Tiers with the default administration password.
>
> SSO Plugin displays a warning on the status page when the default password is set, so if you haven't changed your Mid Tier administration password, why not change it now?
>
> John
> --
> JSS SSO Plugin for BMC, HP, CA, Kinetic, Jasper and more.
> http://www.javasystemsolutions.com/jss/ssoplugin
>
> _______________________________________________________________________________
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> "Where the Answers Are, and have been for 20 years"

