It is a very BAD idea for users to share accounts, because if something happened and you needed to know exactly who was responsible for the problem, then it would hard to prosecute.
No password on any account is ALWAYS a bad idea, because anyone could breach the system and either insert bad code, trojans or malware into the network, or non-employees could get into the system, and the company could be sued for millions of dollars.
Passwords that never need to be changed is a BAD idea too, because it would make it easier for a hacker to crack the passwords and break into the network and cause loss of revenue or private information from being stolen or corrupted.
The Administrator account should be renamed, and not be used for basic user activities, because it would increase the odds of the password being cracked, and unknown damage done to the system and business.
I agree that these security policies may help deter the hackers from breaching the system, but there is no 100% safe network or system, just like there is no 100% safe house, or car, or anything. The budget that you spend on the security system should be appropriate for the type of business and the amount of loss in case of breach.
The number one defense that you need to have is to make sure your users are EDUCATED on how best to protect the security of the system, and make sure that they are aware of just how important it is to the survival of the business and their jobs to adhere to the rules.
On the positive side, if the business is protected and continues to make a profit, then the employees will have a job. On the negative side, there would be consequences for failing to adhere to the security policy, and the punishment would fit the crime.
by Sally Frederick Tudor