Legit, my old job required a 90-day change, and I once logged into a system I could do monetary damage on with ease, because I took a guess at my manager’s password based on how long it had been since he told it to me during an emergency.
He did what every single person I spoke to did. “password 01” changed to “password 02” and I just tried twice, and sure enough he had changed it three times since he had told me.
While I wouldn’t be ruining the company as a whole, I could have easily fucked over the individual location because scheduled password changes just ensure people use predictable passwords.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !programmerhumor@lemmy.ml
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.
Current IT best practice is that passwords should never expire on a set schedule, but they should expire if there is evidence they’ve been breached.
Legit, my old job required a 90-day change, and I once logged into a system I could do monetary damage on with ease, because I took a guess at my manager’s password based on how long it had been since he told it to me during an emergency.
He did what every single person I spoke to did. “password 01” changed to “password 02” and I just tried twice, and sure enough he had changed it three times since he had told me.
While I wouldn’t be ruining the company as a whole, I could have easily fucked over the individual location because scheduled password changes just ensure people use predictable passwords.