Confidential emails, files, financial data, instant messaging data, you name it, find their way into the public domain and overnight a company is faced with a crisis or an individual’s private indiscretions become public property. And regardless of whether or not in some cases there may be am issue of the “greater good”, ultimately questions have to be asked as to why nothing seems to be confidential anymore. So who can have access to information, and why in spite of all the security that organisations have in their IT infrastructure is this still a daily occurrence? In a recent Cyber-Ark survey of large enterprises over 50% of organisations admitted to rarely if ever changing the passwords for shared accounts in their infrastructure. They are not being changed frequently according to the enterprise policy, mainly due to the overwhelming operation that must take place after their change — notifying administrators, changing scripts and applications and setting the passwords in services that use them. Even more revealing was the admission that although 99% of enterprises enforced password changes for users on their PCs, only 1% changed the administrator password on the same device, and in the vast majority of cases the administrator password was the same on every PC in the company.