It's a different sort of "security through obscurity". We all know that many locks (elevators, etc) have a master key -- we see the receptacles every time we ride in such an elevator. The obscure part is not that there IS a master key, but rather its shape.
A master key is the same as a backdoor known to few. Whether you're using a key that fits the lock, or know that 'Joshua' is the superuser's login, it's still a "secret" which only provides protection while it's actually secret. I think it still counts as STO.
Not meaning to start any kind of semantic flame war, but I'm still not convinced.
> Whether you're using a key that fits the lock, or know that 'Joshua' is the superuser's login, it's still a "secret" which only provides protection while it's actually secret.
But isn't the same true about passwords? Aren't passwords secrects providing protection only when they remain unknown?
The problem here lies, IMO, not with secrecy but with the password/key distribution and protection. I could imagine a situation similar to described in the article if an administrator gave server's root password to half of the company staff, hoping that no one leaks it.
A master key is the same as a backdoor known to few. Whether you're using a key that fits the lock, or know that 'Joshua' is the superuser's login, it's still a "secret" which only provides protection while it's actually secret. I think it still counts as STO.