Should we publish online a shared password for 5000 people?
September 5, 2014 4:37 AM
My small company is providing a web service for another organisation. One single username/password combo will be used to access the system. Either -- how should we distribute this combo to the 5,000 tech-illiterate members of the other organisation? Or -- what's a better solution?
I've inherited a situation at a small company, let's call us A.com.
We're building a website for members of another organisation, B.com, to use. It will require username/password login. Nobody else will use the website.
For various reasons that are currently *absolutely* non-negotiable, there will be one single username to access A.com. We will change the password monthly (this is probably a negotiable detail).
B.com already has their own members' areas, which their members access with username/password details that are unique to B.com. We cannot piggy-back on this system, since B.com's site is developed by a third party in Technology Unknown.
The existing plan is for us to regularly change the password, and publish it in the password-protected members' areas of B.com. Yep -- publish the password online in plain-text.
Members of B.com log in to B.com, find the current password for A.com, and then go log in to A.com.
Problem -- this weakens security. Member IDs for B.com are sequentially issued, and the user-base is very technically non-proficient. The chance of B.com being crackable is probably 100%. That means passwords to A.com can probably be retrieved by a hacker with minimal effort.
Please ignore the obvious: that this is a dumb solution. I've flagged that up already, and I'll be discussing the problems in detail with the boss. As I say, I've inherited this, and I need to fix it.
There is zero budget here. And I mean zero. Purchasing software or skills is not an option, no matter how cheap.
Our website is hosted by a 3rd party who seem averagely proficient in Zend, PHP, Wordpress. I've not been amazingly impressed by their technical chops so far, but they seem like nice guys.
We're doing a likelihood vs damage analysis at the moment, and I'm recommending a mitigation plan if A.com does indeed get compromised.
I've thought about password management; identity authority systems; etc etc -- none of this is feasible. Beyond ripping out the system described, and implementing a bog-standard username/password login of our own, I can't see what else to do.
Any thoughts most gratefully received. Thanks!
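The "bog-standard username/password login of our own" mentioned in the post is the fallback that removes the single shared secret: if each B.com member has their own A.com account, a leak from B.com's members' area exposes nothing, and one compromised account can be disabled without changing a password for 5,000 people. The block below is an added illustration of that, written in PHP because the post says the host works in PHP; it is not code from the post, and the in-memory `$users` array, the sample usernames and the function names `register_user()` / `verify_login()` are constructed for the example.

```php
<?php
// Added example: per-user login with salted, iterated password hashing.
// Not code from the original post. The user store is a constructed in-memory
// array standing in for a database table; register_user() and verify_login()
// are names chosen for this illustration.

declare(strict_types=1);

/** Create a user record; only a bcrypt hash of the password is ever stored. */
function register_user(array &$users, string $username, string $password): void
{
    if (strlen($password) < 12) {
        throw new InvalidArgumentException('password too short');
    }
    // PASSWORD_DEFAULT is bcrypt in current PHP and may change to a stronger
    // scheme in later releases; password_verify() still reads older hashes.
    $users[$username] = [
        'hash'   => password_hash($password, PASSWORD_DEFAULT),
        'failed' => 0,
    ];
}

/** Return true only if the username exists and the password matches its hash. */
function verify_login(array &$users, string $username, string $password): bool
{
    // Verify against a dummy hash when the user is unknown so that response
    // timing does not reveal which usernames exist.
    static $dummy = null;
    $dummy ??= password_hash('dummy-password-for-timing', PASSWORD_DEFAULT);

    $record = $users[$username] ?? null;
    $hash   = $record['hash'] ?? $dummy;

    // Simple lockout after repeated failures; a real deployment would reset
    // this after a time window rather than permanently.
    if ($record !== null && $record['failed'] >= 5) {
        return false;
    }

    $ok = password_verify($password, $hash) && $record !== null;

    if ($record !== null) {
        if ($ok) {
            $users[$username]['failed'] = 0;
            // Re-hash if PHP's default cost or algorithm has moved on since the
            // hash was stored, so old accounts catch up transparently.
            if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
                $users[$username]['hash'] = password_hash($password, PASSWORD_DEFAULT);
            }
        } else {
            $users[$username]['failed']++;
        }
    }
    return $ok;
}

// Constructed sample accounts (not real members).
$users = [];
register_user($users, 'member0001', 'correct horse battery staple');
register_user($users, 'member0002', 'another long passphrase here');

var_dump(verify_login($users, 'member0001', 'correct horse battery staple'));
var_dump(verify_login($users, 'member0001', 'not the passphrase'));
var_dump(verify_login($users, 'nobody',     'not the passphrase'));
```

Run with `php example.php`. Two design points matter for the situation in the post: the hash is computed with a per-user random salt by `password_hash()`, so a dump of the user table does not hand out working credentials the way a plain-text password page does, and the failure counter gives a hook for per-account lockout, which a single shared login cannot offer without locking out everyone at once.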