War story

The admin password lives in a spreadsheet

Adrian Sullivan

The password to the server that runs the company is in a spreadsheet. Tab three, halfway down, next to the firewall login and the WiFi for the boardroom. We find this on more estates than I would like to admit. The keys to everything, in plain text, in a file more people can open than anyone has ever counted.

It always starts sensibly. One person sets up the server. They write the password down somewhere so they do not forget it, because losing it would be worse. A colleague needs it once, so it gets pasted into a chat. Someone prints it for the on-call folder. A new starter is handed the spreadsheet on day one so they can get going. Every step was reasonable. Nobody decided the master password should be readable by half the building. It just ended up that way, one small favour at a time.

Then nothing changes it. The password set on day one is the password today, years later, because rotating it would mean tracking down everything it is wired into, and nobody has the appetite. So it sits there. The same string, in a sticky note, in an old email, in a chat message from a person who left in 2021 and whose account still works.

Here is the part that gets people. You cannot say who has seen it. Not roughly, not at all. A shared file does not log who opened it and copied a cell. The leaver took a copy. The contractor took a copy. The password is scattered across machines and inboxes you do not control, and you have no way to call it back. It has not been misused yet, which is the only reason it is still there.

We fixed one of these in a morning. Named accounts, a vault, the shared sheet deleted, the old password retired everywhere it was hiding. The work was not hard. The hard part was the silence in the room when we asked the obvious question and nobody could answer it. Who knows this password? Nobody knew. That was the whole problem.
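The first step of that morning, working out where a credential lives and every other place the same string has been copied, can be started with a small scanner over exported sheets. The following is an added example written for this page, not the author's own tooling and not the health check the post offers: it reads CSV exports, flags cells that sit under or beside a credential-looking label, and matches identical values across files by hash so the report itself never contains the secrets. The label patterns, the header heuristic and the two sample sheets are all constructed assumptions.

```python
import csv
import hashlib
import io
import re
from collections import defaultdict

# Labels that commonly sit beside or above a stored credential in a shared sheet.
# Heuristic and deliberately loose: tune it to the wording your own sheets use.
LABEL_RE = re.compile(
    r"pass(word|wd|phrase)?|pwd|secret|token|api[\s_-]?key|credential|login|wi-?fi",
    re.IGNORECASE,
)
# A header cell looks like a short column name: letters, spaces, hyphens, underscores only.
HEADER_CELL_RE = re.compile(r"^[A-Za-z][A-Za-z _-]{0,30}$")


def fingerprint(value: str) -> str:
    """Non-reversible handle for a secret, so values can be matched across files without being stored."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()[:12]


def mask(value: str) -> str:
    """Keep only the first and last two characters, enough to recognise a value when retiring it."""
    if len(value) <= 4:
        return "*" * len(value)
    return value[:2] + "*" * (len(value) - 4) + value[-2:]


def looks_like_header(rows: list[list[str]]) -> bool:
    """Treat the first row as a header only when every filled cell is a plain column name and data rows follow."""
    if len(rows) < 3 or not rows[0]:
        return False
    return all(HEADER_CELL_RE.match(cell.strip()) for cell in rows[0] if cell.strip())


def find_secret_cells(rows: list[list[str]]) -> list[tuple[int, int, str, str]]:
    """Return (row, col, label, value) for cells that look like stored credentials.

    Two layouts are handled, chosen per sheet:
      - column layout: a header such as 'Password' names a column; every value below it is a finding;
      - label layout: a label such as 'Server admin password' sits directly left of the value.
    """
    findings = []
    if not rows:
        return findings
    if looks_like_header(rows):
        header = [cell.strip() for cell in rows[0]]
        secret_cols = [i for i, cell in enumerate(header) if LABEL_RE.search(cell)]
        for r, row in enumerate(rows[1:], start=1):
            for c in secret_cols:
                if c < len(row) and row[c].strip():
                    findings.append((r, c, header[c], row[c].strip()))
        return findings
    for r, row in enumerate(rows):
        for c in range(len(row) - 1):
            label, value = row[c].strip(), row[c + 1].strip()
            if label and value and LABEL_RE.search(label):
                findings.append((r, c + 1, label, value))
    return findings


def scan_sheets(sheets: dict[str, str]) -> tuple[list[dict], dict[str, set[str]]]:
    """Scan CSV exports (name -> text). Returns masked findings plus fingerprint -> sheets holding that value."""
    findings = []
    holders = defaultdict(set)
    for name, text in sheets.items():
        rows = list(csv.reader(io.StringIO(text)))
        for r, c, label, value in find_secret_cells(rows):
            fp = fingerprint(value)
            findings.append({"sheet": name, "row": r + 1, "col": c + 1,
                             "label": label, "value": mask(value), "fingerprint": fp})
            holders[fp].add(name)
    return findings, dict(holders)


def shared_secrets(holders: dict[str, set[str]]) -> dict[str, list[str]]:
    """Fingerprints seen in more than one sheet: the same string copied around, so it must be retired everywhere."""
    return {fp: sorted(names) for fp, names in holders.items() if len(names) > 1}


# Constructed sample exports, not real data: an IT inventory in column layout
# and an on-call note in label layout, sharing two of the same strings.
SAMPLE_SHEETS = {
    "it-inventory.csv": (
        "System,Host,Username,Password\n"
        "Core server,srv01,administrator,Summer2019!\n"
        "Firewall,fw01,admin,fw-admin-2019\n"
        "Boardroom WiFi,ap-board,,boardroom-guest\n"
    ),
    "oncall-notes.csv": (
        "Server admin password,Summer2019!\n"
        "Firewall login,admin / fw-admin-2019\n"
        "Boardroom WiFi,boardroom-guest\n"
    ),
}

if __name__ == "__main__":
    found, held = scan_sheets(SAMPLE_SHEETS)
    for f in found:
        print(f"{f['sheet']} r{f['row']}c{f['col']} [{f['label']}] {f['value']} fp={f['fingerprint']}")
    for fp, names in shared_secrets(held).items():
        print(f"same value {fp} held in: {', '.join(names)}")
```

Run it over CSV exports of every sheet you can find. Each fingerprint that turns up in more than one file is one string to retire everywhere at once, and a finding in a file you did not expect is exactly the stray copy the post is describing. The output carries hashes and masked values only, so the report itself does not become another copy of the password.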

If you are not certain where your master credentials live, or who can still read them, we will check, for free, read-only, and tell you straight. You walk away with a graded plain-English report. The server has been holding that door open the whole time. Most people just never go and look at it.

Free health check

Want to know if this is sitting in your estate? We run a read-only check and hand you a graded report in plain English.
