The administrator password allows access to the most powerful programs and most secure areas of the network. If this password becomes compromised, the amount of damage done to the network and the monetary liability of the company can be catastrophic in scale. If the security system is breached, a hacker could potentially steal all of the information on the network, prevent access to any of the files on network servers, or plant keystroke loggers and other identity theft applications in the system.
Hackers aren’t the only threat, though. If a remotely enabled machine is able to get into the administrator permissions sections then the user can manipulate information that is otherwise considered secure. A breach of security, even on the smallest level, can destroy customer confidence and cause a loss of business.
The administrator password should be changed periodically; a set schedule of twice a year is usually acceptable for small businesses and low to medium security operations. Large corporations and companies that deal with high security operations should change their administrator passwords every month.
If there is a change in administrative staffing, a demotion, transfer, termination or other situation in which a person with the administrative password is no longer authorized to access the administrator permissions then a password change should be performed immediately to ensure the integrity of the system. In fact, it should be done before that former employee even leaves the building.