I bet he also picks up USB sticks from the parking lot and plugs them into his work computer.
Password expiration is no longer considered a best practice. FYI.
Yes, that’s true, and hasn’t been considered so for a long time
It was never best practices for anyone who had common sense.
It just forced people to make insecure, easy to remember passwords, cause they were gonna be changed in again soon so why make it complicated and hard to remember.
Encourages users to just add a rotating number or other not too secure thing to their password. I know that’s what I did when I worked somewhere with that dumbfuck policy.
Yep. My least secure password is the one I use at work because I’m restricted to 9-12 characters, can’t be sequential forwards or backwards including keys next to each other (abc, 123, qwerty), can’t begin with a number, must contain at least three numbers, must be at least four characters different from your last twelve passwords, and must be changed every 90 days. Oh and it can’t include your first or last name.
Most of my coworkers just use a family members name and then change a few numbers at the end and keep a post it note at their desk with the numbers so they don’t forget it.
I would imagine most users change their password by only 1 character, and maybe even in sequential order.
When time comes to change the password, it becomes password1234 instead of password123. Or password234. Something easy to remember, most users don’t care about best security practices, and changing to a similar password is very convenient. Especially if it’s “only” for work stuff
I got to step 20, where my password suddenly caught on fire and Paul died.
My day is ruined.
The cybersecurity email tests I get at work are so transparent - Hi user, You have an unpaid invoice, please follow link to pay immediately.
I wish I could I could reply no I don’t fuck off but I’d probably get in trouble lol
At my work the company wanted to show some gratitude and sent out email with free ice cream vouchers to everybody. Many suspected this was just another one of these cybersecurity email tests, so the company had to clarify it’s all real.
I think it’s hilarious the thought about hackers using ice cream as bait. Maybe that would work?
On the other side of things, don’t you love systems that return “invalid password: password is not unique”?
Even worse is the CEO.
He needs access to everything and he’s far too important to waste time with security.
