New one on me! One userid - two passwords

[Joplin Missouri]

I have stumbled on this one. I have a administrator userid that accepts two
passwords: the old one and the new one! After it accepts the pw, the
desktop comes up with the appropriate stuff so I assume the files for the
old password have been retained.
I guess it's harmless but it has me wondering if it could be used to hack
the network. Any and all thoughts will be appreciated.

 

[Guest]

If it is happening as you describe, it should not make the likelihood of an attack noticeably larger. Unless the old password was weak, or somehow compromised. Usually password crackers work their wiles by gaining access to a system and copying the file containing encrpyed passwords. At this point, they run software on them on their own machines to try to un-encrypt all the passwords in the file. Because this is the standard approach, you can probably see why having two passwords would be quite a marginal extra risk.