Context is that I had to register for a lot of accounts recently and some of the rules really make no sense.

Not name-and-shaming, but the best one I've seen recently is I might have accidentally performed an XSS attack on a career portal using a 40-digit randomly generated password...

A company I used to work for is big enough that everyone reading this has heard of it. They had this wonderful security nightmare going on:

When you were hired, the company would issue your user credential with a standard password that was "CompanyName1" and require you to immediately change it at first logon. Everyone knew this password because everyone got it when they were hired.

Password policy required everyone to reset their password every 60 days. Not the worst ever but still pretty aggressive. And with the rise of all the mobile devices connecting with your corp account it was getting to be a worse and worse experience.

Can you guess yet how these two policies are linked in my story?

Well, some of the C-Suite executives didn't have time for any of these security shenanigans. So they would have their executive support person log into an administrative console and reset the exec's password every 59 days to the same value that it currently had, thereby bypassing the password re-use filter.

That value they were continuously setting was... "CompanyName1"

I know of at least two executives that were doing this while I worked there.
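
Two controls that would have caught the workaround described above, as an added example (this is not code from the thread or from any company): a password-history check that the admin-console reset path must call just like self-service changes, and a detector for the "someone else resets the account every ~59 days" cadence. The audit-log format, field names and dates are constructed for the example.

```python
import hashlib
import os
from collections import defaultdict
from datetime import datetime

ROTATION_DAYS = 60
ONBOARDING_DEFAULT = "CompanyName1"  # the well-known initial password from the story

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def validate_new_password(candidate: str, history: list):
    """Return a rejection reason or None; both self-service and admin resets call this."""
    if candidate == ONBOARDING_DEFAULT:
        return "onboarding default is banned"
    if any(_hash(candidate, salt) == digest for salt, digest in history):
        return "password matches an entry in the reuse history"
    return None

def record_password(candidate: str, history: list) -> None:
    salt = os.urandom(16)  # fresh salt per entry, so history stores (salt, digest)
    history.append((salt, _hash(candidate, salt)))

# Constructed audit lines (not real data): date, who performed the reset, whose account.
AUDIT_LOG = """\
2024-09-01 actor=assistant.j target=exec.a event=password_reset via=admin_console
2024-10-30 actor=assistant.j target=exec.a event=password_reset via=admin_console
2024-12-28 actor=assistant.j target=exec.a event=password_reset via=admin_console
2024-11-15 actor=exec.b target=exec.b event=password_change via=self_service
2025-01-10 actor=helpdesk.k target=user.c event=password_reset via=admin_console
"""

def find_proxy_reset_pattern(log: str, min_gaps: int = 2, window: int = 7) -> dict:
    """Flag accounts that someone else resets repeatedly, each time within `window`
    days before the rotation deadline: the cadence of the 'every 59 days' workaround."""
    resets = defaultdict(list)
    for line in log.splitlines():
        stamp, *fields = line.split()
        f = dict(kv.split("=", 1) for kv in fields)
        if f["event"] == "password_reset" and f["actor"] != f["target"]:
            resets[f["target"]].append(datetime.fromisoformat(stamp))
    flagged = {}
    for target, dates in resets.items():
        dates.sort()
        gaps = [(b - a).days for a, b in zip(dates, dates[1:])]
        near_deadline = sum(1 for g in gaps if ROTATION_DAYS - window <= g < ROTATION_DAYS)
        if near_deadline >= min_gaps:
            flagged[target] = near_deadline
    return flagged
```

Running the detector over the constructed log flags `exec.a` (two 59-day gaps between third-party resets) and ignores the self-service change and the one-off helpdesk reset.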

[-] undefined@lemmy.hogru.ch 7 points 1 day ago

When I was in middle and high school the school district would always do this at the beginning of the school year.

One year my best friend moved away so in the following years I discovered his account still existed. If I was in the mood to hack (dumb stuff like forging email with their horrible SMTP server for example) I’d just find another computer I wasn’t just using and log in using the default password.

this post was submitted on 09 Jan 2025
73 points (97.4% liked)

Ask Lemmy