I know the feeling. A few months ago I randomly got a video call from my boss. Both he and the owner of the company were on the line. They let me know that they unfortunately had to let go of almost everyone on the dev team. Some funding had fallen through (gotta love startups). Fortunately, I got to keep my job that day, but I can’t shake the feeling that another layoff is right around the corner.
I work in IT. We get notified when people leave.
The cruelest thing in my company is when we get to know before the person in question…
My company has a 6 month probation period. It also has a 6 month password expiry. Because of all the SSO nonsense, it’s quite possible for it to lapse without warning.
It’s now a running joke that you get locked out on the last day of probation, and you’re expecting a call from HR any minute.
You might want to let your IT department know that 6 months is a really long time.
When is someone going to find a password but somehow be stopped because it expires in as many as six months? What is it mitigating?
You might wanna read up on the most current NIST guidelines
https://arstechnica.com/security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules/
I didn’t realize updating IA-5 was part of rev5. We haven’t gotten to the IA family in our rev5 hardening yet.
The current thinking as I understand it is expiry policies make most types of accounts less secure because users just cycle through the same predictable pattern of adding increasing numbers of exclamation points or incrementing the last digit at each required password change, and if you require new passwords to be too substantially dissimilar from x number of previous ones then users can’t remember them at all. Policies that make people use minimally complex passwords because they have too many to remember and don’t understand how password managers work inevitably increase password reuse between services and devices which does the opposite of improving security. Especially with MFA enforced, which I’ve been known to do as aggressively as I can get away with, there’s just no sense in requiring regular password resets – as long as the password remains complex, unique, and uncompromised. I’m not a network security expert but I am responsible for managing these sorts of things in my role and that’s the rationale I use for the group policies in a typical customer’s environment.
You’re supposed to have controls in place to prevent all of those concerns. I’m not saying passwords should be changed every 30 days, but 6 months is a long time.
But, companies with password expirations should be providing a password manager.
Current IT best practice is that passwords should never expire on a set schedule, but they should expire if there is evidence they’ve been breached.
Legit, my old job required a 90-day change, and I once logged into a system I could do monetary damage on with ease, because I took a guess at my manager’s password based on how long it had been since he told it to me during an emergency.
He did what every single person I spoke to did. “password 01” changed to “password 02” and I just tried twice, and sure enough he had changed it three times since he had told me.
While I wouldn’t be ruining the company as a whole, I could have easily fucked over the individual location because scheduled password changes just ensure people use predictable passwords.
Don’t let that fear cow you into accepting marginal raises or career stagnation (assuming you’re not happy at your current level). Severance (outside the US) is usually generous enough to skate into your next opportunity and, tbh, working in constant fear is fucking awful for your mental health.
Would probably say in your contract if you have any sort of severance regardless of where you live? Or is there some sort of mandatory severance in some places?
Most places in the US will have nothing about severance written down anywhere, but it’s very common to actually pay severance in a mass layoff situation (unless the whole business is going under).
The US has the WARN Act, which requires 60 days’ notice or 60 days’ pay if at least 500 employees or 33% of the workplace are getting laid off (whichever is smaller). It’s a threadbare legal minimum on severance, but there is a minimum.
In most of the developed world there is a mandatory level of severance (and companies can obviously exceed that if they want, but the base amount is guaranteed). In BC it’s one week after three months (the probationary period), a second week after one year, and then one additional week per year up to a maximum of eight weeks.
Happy Cakeday! 🍰🎂
Merci beaucoup!
Ah, so not the USA then
Ah but I live in the US, so I’ll just continue in constant fear. On the bright side, those marginal raises go towards the hilariously high cost of therapy.
Don’t wait for a layoff, start organizing a union for that juicy ‘represented’ employment status (as opposed to at-will). Unions can’t stop layoffs, but they can minimize the impact, negotiate a higher severance, and provide advance notice. I highly recommend the good folks at CODE-CWA, they specialize in organizing tech workers.
And employers love keeping you in that state
“Why are my employees not respecting me? Why are they unproductive?”
“Maybe treat them with a modicum of respect?”
“Must be something in the water.”
“No, no it’s everyone else who’s the problem, not me!”
Me, turning on my PC every day after my main PC was bricked while rebooting for a Win10 update…
Upside: not fired.
Downside: have to do work.
Upside: make money
Downside: not enough money
The frogurt is also cursed
Same
I haven’t been laid off since April. I haven’t had a job since then though, so that’s not exactly ideal.
I got my best IT job off of Craigslist, so don’t count out that option.
Am I the only one who saw the back of the chair as the person’s hair in the first two panels?
Yes, it wasn’t until the third panel that I noticed the arms of the chair and suddenly the person was bald
Could still be hair!
In third panel those are the person’s arms ;)
I’m in this picture and I don’t like it
I got canned from my last job and the way I found out was my work Gmail was locked out, fuckin class acts them.
Getting fired from my current gig would be a relief tbh.
same here
I’m at a perfect equilibrium of indifference for being laid off. Some jobs suck.
Do ya miss me anymore?
Glad someone noticed
AND I DON’T EVEN NOTICE WHEN IT HURTS ANYMORE
I don’t even notice when it hurts anymore.
Anymore.
Anymore.
Anymore.
ey b0ss