2 Replies Latest reply on Jul 9, 2013 7:56 AM by earlonics

    Endpoint Encryption Generic username and Password

    earlonics

      HI All,

       

      Our security Policy states no generic password and or username for any laptop Encryption; however I am being challenged quite forcefully by our organisation to allow this.

       

      I want to know what the general consensus is regarding generic user name and password being used across multiple Laptops.

       

      We are currently deploying from E-Pol and I am concerned that these generic account will leak across all Laptops.

       

      It appears the main issue is the time required to set new users up.

       

      We are a non-profit organisation we have a large volunteer force which means these staff could require access to a laptop at any time, the problem is the admin overhead to get the user onto the laptop, the thought is that a generic user name and password be used to a limited number of laptops, I’m really against this but could do with some sound reasoning to stop the pressure. Or any advice on an alternative solution.

       

       

        • 1. Re: Endpoint Encryption Generic username and Password

          1. It will get out, even onto the Internet

          2. You won't satisfy any data protection regulation as you don't have any ability to audit who is using what

          3. Eepc does not support it, as password changes and logins are replicated between machines, so if one user locks out the generic account, it will lock everyone out

           

          It's generally a bad, bad idea. If you have a duty to protect the data, then do the right thing for the pele who would be affected if the data leaked out and protect it properly at least.

           

          I applaud your stance here. I'd go back to the reason you are encrypting in the first place and work out exactly what you need to do to satisfy those requirements.

          • 2. Re: Endpoint Encryption Generic username and Password
            earlonics

            Thanks Safeboot…..

             

            I know I'm right and I appreciate your support.

             

            Hopefully I will be able to convince the business this is not a good idea. Is there a formal McAfee Guide document “best practice recommendation regarding user names and password that I might wave in front of those that are challenging me.

             

            Cheers