by emingo 4710 days ago
Seriously. I almost stopped reading after this bit...

'specially for infrastructure accounts (if your company uses SSH, chances are you have one Unix Login that all your admins/employees share). Which makes non-repudiation harder.'

Chances are???? What credible sys admin would ever do something like that...?

3 comments
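The non-repudiation problem the quoted article raises is easy to see in the logs themselves. The following is an added example, not code from the original thread or the article it quotes: it walks constructed sshd and sudo syslog lines and tries to tie each event to a person. The key fingerprint inventory, host names, addresses and user names are all assumptions made up for the illustration; the log line formats follow what OpenSSH's sshd and sudo commonly emit on Linux.

```python
"""Attribution of SSH/sudo log events: shared account vs per-user keys.

Added example, not from the original thread. The log lines and the
key inventory below are constructed for illustration; the format follows
OpenSSH's sshd and sudo syslog output as commonly seen on Linux hosts.
"""
import re
from typing import List, Optional, Tuple

# Constructed inventory mapping SSH key fingerprints to people (hypothetical).
KEY_OWNERS = {
    "SHA256:k3sA9pQxW1v7z0bJYwTxE4mN2rLq8HcDdF5uVgZ6yIo": "alice",
    "SHA256:Zt7Hq2mXp9VcR4yL0bN8wKjE3sUaD1fG6oTiC5vMnQe": "bob",
}

# sshd "Accepted" line; the key type and fingerprint only appear for publickey auth.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+ ssh2(?:: (?P<keytype>\S+) (?P<fp>SHA256:\S+))?"
)
# sudo line: records the invoking user even though the command runs as USER=root.
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : TTY=\S+ ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)


def attribute_login(line: str) -> Optional[str]:
    """Return the person behind an sshd 'Accepted' line, or None if the
    line cannot be tied to an individual (shared account, password auth,
    or an unregistered key)."""
    m = SSHD_RE.search(line)
    if not m:
        return None
    if m.group("method") == "publickey" and m.group("fp") in KEY_OWNERS:
        return KEY_OWNERS[m.group("fp")]
    # A password login to a shared account, or a key nobody has registered,
    # only gives us a source IP. An IP is not a person.
    return None


def attribute_sudo(line: str) -> Optional[str]:
    """Return the invoking user of a sudo line. With per-user accounts plus
    sudo, the actor survives in the log even for commands run as root."""
    m = SUDO_RE.search(line)
    return m.group("user") if m else None


# Constructed sample log lines (hypothetical host, users and addresses).
SAMPLE_LOG = """\
Mar  4 09:12:01 web1 sshd[2211]: Accepted password for admin from 10.0.0.5 port 51234 ssh2
Mar  4 09:13:44 web1 sshd[2240]: Accepted publickey for alice from 10.0.0.7 port 51310 ssh2: ED25519 SHA256:k3sA9pQxW1v7z0bJYwTxE4mN2rLq8HcDdF5uVgZ6yIo
Mar  4 09:14:02 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
Mar  4 09:20:17 web1 sshd[2301]: Accepted publickey for deploy from 10.0.0.9 port 51402 ssh2: RSA SHA256:unknownfingerprint000000000000000000000000000
"""


def attribution_report(log: str) -> List[Tuple[str, Optional[str]]]:
    """Walk a log and pair each login/sudo event with the person it attributes to."""
    out: List[Tuple[str, Optional[str]]] = []
    for line in log.splitlines():
        if "sshd[" in line:
            out.append(("login", attribute_login(line)))
        elif " sudo:" in line:
            out.append(("sudo", attribute_sudo(line)))
    return out


if __name__ == "__main__":
    for kind, who in attribution_report(SAMPLE_LOG):
        print(f"{kind:5} -> {who or 'UNATTRIBUTABLE'}")
```

The first line (a password login to the shared `admin` account) and the last (a key login from a key nobody registered) both come back unattributable: the host knows something logged in, not who. The `alice` login and her later `sudo` invocation are the per-user-account pattern, where the key fingerprint and the sudo record keep the actor's identity through the whole privileged session.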

Oftentimes, the decisions admins make are determined by the needs of management or fellow employees.

I have on frequent occasions mouthed words along these lines: "It's a bad idea to do it that way, but I can see how it would be much cheaper, more efficient, or easier to teach employees, so I will tell you the best way to do this bad thing."

You can carefully set up the best security possible, but the instant that a client or bigwig is waiting on something because of it, credentials will be shared and you or other employees may be ordered to share them.

It's just how it is.

A lovely anecdote: When I worked for Bellsouth.net, the ISP, our router credentials started with a shared admin/(password) pair. The change happened, according to speculation, because of a breach that couldn't be tracked back to a specific user.

If a company's smart, it'll only take one such complication to change that behavior. That behavior barely made sense in 1999 though and any company using shared super-user privileges in 2013 is just asking for a world of hurt...

Right, even in the worst shops I've worked in I never saw that. It's madness.