When’s a good time to use an administrator level login?


To be clear, almost never.

When you create a user in a system or software, they almost always have different levels/permissions or groups that you can associate them with. While the precise terminology may vary depending on the system, the core concepts are the same and different users will have different limitations on what they can and can’t do. Even if the permissions group with the highest level of access isn’t referred to as an administrator level login in your particular setup, we’re still referring to users with the highest level of privileges. There’s nothing they can’t do.

There are lots of times you need to make use of a login that you wouldn’t necessarily expect:

  • Getting a printer/fax to save something to file
  • Getting a printer/fax to send an email
  • Setting up a task to run on a schedule
  • Whenever something needs to make use of resources within your network, the question of authentication gets raised

Many of the systems we use today were originally designed without the need for authentication. Way back when, long before the internet became the Internet, it was known as ARPANET. ARPANET was originally a distributed communications network that connected computers in various universities, which was then taken over by the military. Access to this network was heavily restricted, and computing resources back then were limited, so with a limited user base with limited physical access, there wasn’t much use for mass authentication.

Fast forward to today and the idea of allowing unauthenticated access to anything will rightly raise eyebrows. Anyone with experience in IT has learned, either from firsthand experience or shared horror stories, that you never set anything up without requiring some form of authentication. Anything that involves a computer needs to be associated with a user. Anything.

That’s why it’s pretty well understood that part of onboarding a new hire involves giving them the login credentials they need to do their job. Usually this means you need to make a new user in at least one system, though let’s be real, most organizations use multiple systems, so in reality one new hire means multiple new sets of credentials. What most organizations don’t understand is that it’s not just new hires that need user credentials. Automated processes also need login creds.

That might sound weird at first, but remember printers need to have access to emails in order to print them, and access to your drive to download and print documents from there. Anytime one device needs to access another device on your network, it’s authenticating with some set of credentials.

Now, if you had to guess which login would be the most problematic one to give your printer for accessing your network, what would it be? Hopefully you said an administrator level login, and you’d be right. Unfortunately, it’s all too common for printers and other oft-forgotten peripherals to reuse existing domain or administrator level logins (rather than having their own credentials properly configured during installation) to give them access to everything.

To be clear, this is beyond a bad idea. Administrator level accounts should only be used if you need to do something that requires administrator level permissions, and printers never need to be administrators. Having your most powerful set of credentials on exposed, exploitable, and usually ignored devices is practically asking for problems down the road.
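As an added illustration (not code from the original post), the check below takes an inventory of the logins configured on devices and scheduled tasks and flags any that are administrator-level, including through nested groups, or that reuse a login a person signs in with. Every account, group and device name in it is constructed sample data.

```python
# Constructed sample data: none of these names come from the original post.
GROUP_MEMBERS = {                      # group -> direct members (accounts or groups)
    "Domain Admins": {"alice.admin", "IT-Tier0"},
    "IT-Tier0": {"svc-backup", "administrator"},
    "Scan-To-Mail": {"svc-printer-2f"},
}
PRIVILEGED_GROUPS = {"Domain Admins"}
PEOPLE_LOGINS = {"alice.admin", "administrator", "bob"}   # logins people sign in with
DEVICE_LOGINS = [                      # (device, purpose, configured account)
    ("printer-2f", "send email", "svc-printer-2f"),
    ("printer-lobby", "save to file", "administrator"),
    ("fax-01", "save to file", "bob"),
    ("nas-01", "scheduled task", "svc-backup"),
]


def expand_group(group, members=GROUP_MEMBERS, _seen=None):
    """Return every account in `group`, following nested groups (cycle-safe)."""
    seen = _seen if _seen is not None else set()
    if group in seen:
        return set()
    seen.add(group)
    accounts = set()
    for member in members.get(group, ()):
        if member in members:          # the member is itself a group
            accounts |= expand_group(member, members, seen)
        else:
            accounts.add(member)
    return accounts


def audit_device_logins(device_logins=DEVICE_LOGINS):
    """List (device, purpose, account, reasons) for every risky device login."""
    privileged = set()
    for group in PRIVILEGED_GROUPS:
        privileged |= expand_group(group)
    findings = []
    for device, purpose, account in device_logins:
        reasons = []
        if account in privileged:
            reasons.append("administrator-level")
        if account in PEOPLE_LOGINS:
            reasons.append("reuses a person's login")
        if reasons:
            findings.append((device, purpose, account, reasons))
    return findings


if __name__ == "__main__":
    for device, purpose, account, reasons in audit_device_logins():
        print(f"{device} ({purpose}) uses {account}: {', '.join(reasons)}")
```

Only `printer-2f`, which has its own dedicated, unprivileged account, passes; `nas-01` is flagged even though its account never appears directly in the privileged group.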

If you’d like additional security advice concerning your administrator level login, please contact one of our cybersecurity experts and get yourself some stress-free IT.

This week’s quote comes from Shakespeare’s Henry VIII: “I swear again, I would not be a Queen for all the world.”

Courtesy, your friendly neighbourhood cyber-man.
