Need the opposite costume, the overly eager sys admin.
- wants to force password changes once a month for security
- constantly changing security policies to reflect the flavor of the month
- constantly sends out phishing emails tests, wonders why no one replies to any of his emails
My fucking uni is trying to move to passwordless, but you will always need a password to log onto any lab device, and to the wifi, so why?
I mean you don’t actually need a password for that when it’s implemented the right way
A website once complained my password contained 3 consecutive letters there were 1 away from each other. This was back when I used sentences for passwords. It was complaining about the word worst because of r-s-t.
Sysadmin: “A clear indication of phishing email is the sense of urgency. We would never send out any email regarding urgent updates that needs immediate action.”
Also sysadmin: “URGENT!!! You must update your system now before Friday!!! Click link here for instructions! Otherwise you will be locked out!”
Then do this to computer-shaped instrument controller systems that have accounts that can not have passwords changed or the application won’t run. Or service accounts, so if you pop in after 6 months, nobody knows the current password and the IT guy only comes in 2 hours/week. And that was yesterday. And no, no contact information present…
