I've worked for two trading firms. One required six passwords to reach "root" access, when coming in remotely (e.g., from home).

The other used the name of the company as the root password for all hosts, accessible from anywhere within the offices.

Horses for courses, I guess.