Why do people with admin access use the same password on multiple sites?

Elixer

Site 1 gets compromised which leads to site 2 getting compromised, which in turn is then used as an attacker on yet another site.
All sites are unrelated to each other, except the admin is the same on two of them.

All because the admin used the same freaking password on all sites...
The kicker is, once site 1 got compromised, the idiot didn't bother to tell site 2 anything about it, and they breached the system in the same manner.
I only found out since I went to update some software and noticed a php shellkit was installed via phpBB3 and was attacking the 3rd site.

So, I ask again, why do people that have admin server access use the same password on different sites?

Argh!
 

PrincessFrosty

Often laziness or stupidity.

However, it can be demanding as an admin (I am one): you're often tasked with remembering literally hundreds of unique passwords for all the systems you admin. I'd hazard a guess that the average person simply cannot remember a huge list of strong passwords without using some method to aid them, which leads to weaker security.

Password managers, passwords that fit a template but are only marginally different, repeated passwords, passwords written down somewhere...all these methods to overcome the issue cause weaker security in some respect.

It's worth considering how many passwords someone has to remember and only judging if you're capable of managing it perfectly yourself.
 

smakme7757

I'd say it's more for ease of use than anything else.

Personally I'd create different passwords for completely different systems, but I'll admit that my home network, which consists of a few public-facing services, isn't all protected with different passwords.

My drive encryption passwords are unique, but most of my admin passwords are the same.

I don't get paid for maintaining my own servers, so any system-wide break-in would be my own fault and my own problem. However, I'm MUCH more careful on other systems.

It really just comes down to ease of use, but there is no excuse for using the same passwords on multiple servers and especially not on servers owned by different companies/people.

Let's face it, if you're getting paid you have more to lose.

*Mobile post
 