* Posts by AnarchismEvolved

1 publicly visible post • joined 8 Sep 2010

Save us from our users

AnarchismEvolved
FAIL

The benefit of hindsight

Setting every user's password to the same would fail compliance on at least half a dozen different standards and opens the floodgates for masquerading users. We went through a similar project and set every user's password to a randomly generated password and got them to change it at first logon, simple and effective.

But I work as an IT head and my support team continuously gets moaned at for having such complicated password requirements with requiring users to change their passwords every 60 days following US DOD standards. But ultimately we didn't get an opinion in the discussion; we have to adhere to security standards for compliance and those restrictions are stated in black and white. We just have to live with them, keep them enforced and take the brunt of the complaints.