On the other side of things, don’t you love systems that return “invalid password: password is not unique”?

“What do you mean this password is too short? I use it for everything!”

Needs a special character?

Password123!

“how many times do i have to tell you that your name + your birthday date js not a good password!”

Installs antivirus on servers that wrecks application performance
installs content filtering proxy that prevents developers from reading “hacking materials” like OWASP documentation
won’t let developers install anything on their own machines without filing a ticket and waiting 6 weeks
pushes unannounced antivirus updates that pop up OS security dialogs like “Netscan Antivirus would like to monitor all network traffic. Enter your password to approve”, and is surprised when users don’t enter their passwords.

Your corporate IT guy

Sigh. Their hearts are in the right places…

They usually don’t have a choice. They know this stuff is bad, but they need it to demonstrate compliance with XYZ framework so they can fill out the marketing copy so sales can land a contract with some big customer that wants to know why $competitor has better security than you.

We might work at the same company lmao. My laptop is borderline unusable due to all the monitoring garbage despite having really fast hardware

Need the opposite costume, the overly eager sys admin.

wants to force password changes once a month for security
constantly changing security policies to reflect the flavor of the month
constantly sends out phishing emails tests, wonders why no one replies to any of his emails

Then they have you make it some 12 character length minimum string with mixed case and special characters and dictionary lookup so it isn’t some common phrase but you’re also logging in through a telnet instance onto a Unix system.

A website once complained my password contained 3 consecutive letters there were 1 away from each other. This was back when I used sentences for passwords. It was complaining about the word worst because of r-s-t.

That’s wack. Passphrases are second only to random passwords generated by a password generator in terms of security, character proximity doesn’t matter with that much length.

My fucking uni is trying to move to passwordless, but you will always need a password to log onto any lab device, and to the wifi, so why?

I mean you don’t actually need a password for that when it’s implemented the right way

…implemented the right way

see

…you will always need a password

As someone in the InfoSec field, I also hate those people.

Sysadmin: “A clear indication of phishing email is the sense of urgency. We would never send out any email regarding urgent updates that needs immediate action.”

Also sysadmin: “URGENT!!! You must update your system now before Friday!!! Click link here for instructions! Otherwise you will be locked out!”

Spot on. We’re changing XYZ policy and we need everyone to do this training within the week. Wait, why’s no one opening my emails

Then do this to computer-shaped instrument controller systems that have accounts that can not have passwords changed or the application won’t run. Or service accounts, so if you pop in after 6 months, nobody knows the current password and the IT guy only comes in 2 hours/week. And that was yesterday. And no, no contact information present…

Searches for things online by typing it as a post on social media instead of using a search engine as in: “Google what is the weather like today near me?”

You must know my parents 😅

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

"why would i change my passwords?"(pawb.social)

Programmer Humor

!programmerhumor@lemmy.ml

Rules:

Community stats

Community moderators