My fellow BOFHs, I recently got audited. It was a rather minor and lame audit, but it was an audit all the same. One of the things that came up, of course, is who has all the passwords to the network. My response was "just me", which is true: I'm the only one that holds all the passwords, effectively the keys to the kingdom.

The auditors, of course, didn't like that, because after all, what happens if I get hit by a bus? The company could have a lot of trouble recovering passwords from all the equipment and servers. I had always been meaning to come up with a plan for all that important information that is needed, but that you don't want just anyone to know.

I'm curious as to what you guys who are in positions similar to mine do. Most small to medium-sized companies normally have 1 or 2 people in IT, so policies are normally left up to them and just reviewed by superiors, with no real input from the superiors.