In my current company, the IT Risk Team has decided to provide root passwords for about 90 systems using the following conventional method:
- The length of each password must be 16 characters and 8 characters must be entered while the IT infra team enters the remaining one.
- Each team prints the part password on paper and seals it with an envelope. So there are two envelopes to combine the entire password for each account
- The plenipotentiaries sign and seal the envelopes. Without the permission of the IT Security Officer, these envelopes can not be unsealed or disclosed to third parties.
My question is, is this way so manual and time consuming? I suggested using Password Manager, but no one shared the same idea.