Announcement

Collapse
No announcement yet.

Password security is IMPORTANT!

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Password security is IMPORTANT!

    One from my husband...

    We were discussing (ok, complaining about) passwords and all the usual rules that big companies put in. In my company, we have one corporate website that no-one uses, and we have to change our passwords every three months. Of course, what actually happens is that everyone forgets their password, gets the reminder to change it, and then has to phone IT to get it unlocked so they can change it. Sigh.

    Then husband gives me a story that actually made my jaw drop.

    Their company IT person is useless...I will try to get him to tell the rest of the stories sometime! Basically knows nothing about IT and no one is sure how on earth she got hired for the position. Deleted chrome to try to get husband's computer to run faster...unfortunately, acrobat doesn't work either, and the updated version of chrome wouldn't install, amongst other issues due to her 'clean-up'. He said it took three hours to get something running so that he could open PDFs.

    So, they have to change their passwords every six months. IT person sends an email round reminding everyone of this, and also reminding them that the passwords have to be secure - letter/number combination, more than 8 characters, the usual stuff of no pet's names and birthdays.

    Then, on the bottom of the email, a reminder to everyone to send IT person their ID and password, so that she can get access to their computer if they are away for any reason.

    This is a person with admin access, who can therefore reset passwords if she needs to. Husband said cheerfully that she probably has no idea admin access even exists, and wouldn't know how to use it even if she did know.

    And then the kicker, that made me : all these user IDs and passwords...are stored on a spreadsheet. On the company drive, so that if anyone needs to get into someone else's computer while they're away, they can access it.

    IT person sees nothing wrong with this arrangement.

    I told him to start looking for a new job.
    I speak English, L33t, Sarcasm and basic Idiot.

  • #2
    Holy moly, that could go horribly wrong!

    Comment


    • #3
      Ok, I'm going to be blunt: DUMBFUCK.

      The only way I can see her not having access is that AD or LDAP has not been implemented correctly; or that the previous admin didn't give out the root/god password. OR possibly that she's just a quicky desktop fixer, and has no admin rights herself.

      If those 2 situations above are not true, DUMBFUCK.
      In my heart, in my soul, I'm a woman for rock & roll.
      She's as fast as slugs on barbituates.

      Comment


      • #4
        No...not "Could go horribly wrong." but rather "Will go horribly wrong."...eventually that is .
        And that's coming from someone that isn't even an expert when it comes to IT.

        Comment


        • #5
          Good lord, that's a ridiculously dangerous set-up. Agreed, get out of there pronto.

          The client I work for has major settings in place to prevent that kind of thing, and recently they upgraded the security of the passwords to a 12-character minimum.

          Then again, given the nature of the client, they take security extremely seriously.
          PWNADE(TM) - Serve up a glass today! | PWNZER - An act of pwnage so awesome, it's like the victim got hit by a tank.

          There are only Four Horsemen of the Apocalypse because I choose to walk!

          Comment


          • #6
            What the fuck? That's just... wow. My game server has better password security than that.

            Sounds like one of those people who know to reboot the modem when the internet goes down and considers themselves a "computer person".

            Comment


            • #7
              wait WHAT?!?!?!? I am sorry my brain just rebooted again. That is so going to come back and bite them in the arse.
              Coffee should be strong, black and chewy! It should strip paint and frighten small children.

              My blog Darkwynd's Musings

              Comment


              • #8
                Quoth houdini View Post
                Then, on the bottom of the email, a reminder to everyone to send IT person their ID and password, so that she can get access to their computer if they are away for any reason.

                And then the kicker, that made me : all these user IDs and passwords...are stored on a spreadsheet. On the company drive, so that if anyone needs to get into someone else's computer while they're away, they can access it.
                I hope someone is documenting the heck out of these highly improper procedures. And calling it to the attention of her supervisor, and their supervisors if necessary.
                "I don't have to be petty. The Universe does that for me."

                Comment


                • #9
                  The IT person does apparently have admin access, but husband isn't sure if she knows she has it - and if she knows how to use it. She is a liiiiittle cluless when it comes to IT - rebooting the server is about right for her level, to be honest. I've met this woman and she isn't the brightest bulb in the box.

                  Apparently no one else in the office considers the password system a problem because a) they don't know much about IT, and b) it's a closed office system, so you can't break in from outside - you'd have to be in the office and logged in to a computer to get to the spreadsheet. And yes, they do have an internet connection. Sigh.

                  The issue with passing things up the chain is that you have to get someone up the chain to understand what the problem is. As password security is technically being maintained (8 letters and all that), I bet they wouldn't understand what the problem is. The joys of "new" technology when you have a traditional management...
                  I speak English, L33t, Sarcasm and basic Idiot.

                  Comment


                  • #10
                    OMG...they must have monkeys running the IT department!
                    I don't get paid enough to kiss your a**! -Groezig 5/31/08
                    Another day...another million braincells lost...-Sarlon 6/16/08
                    Chivalry is not dead. It's just direly underappreciated. -Samaliel 9/15/09

                    Comment


                    • #11
                      Quoth tropicsgoddess View Post
                      OMG...they must have monkeys running the IT department!
                      Which calls to mind this quote.
                      "I don't have to be petty. The Universe does that for me."

                      Comment


                      • #12
                        Right, they have an internet connection, lets see, do they have any VPNs setup, or maybe just a regular trojan with a backdoor gets into the system, finds ALL the usernames and passwords. I mean shit, if your gonna have a password list why not just make EVERYONE use the same damn password, would be a lot simplier.

                        But a non protected excel file is just asking for trouble!!!!
                        I'm sorry reading is not a new concept it has been widely taught in our nation for at least the past 100 years. Please, learn to do it CORRECTLY before you become contagious.

                        Comment


                        • #13
                          Maybe I'm misunderstanding the system setup, but if they have internet access, then they don't have a closed office network. Unless maybe they have a seperate network that is connected to the internet. I've always understood closed networks to be set up to have no outside the network access points.
                          The Rich keep getting richer because they keep doing what it was that made them rich. Ditto the Poor.
                          "Hy kan tell dey is schmot qvestions, dey is makink my head hurt."
                          Hoc spatio locantur.

                          Comment


                          • #14
                            Just askin', but does the "computer person" put their own password in the spreadsheet also? Because a "motivated" person with the admin password could do enough havoc to definitively prove the IT person is incompetent and needs removing. Just sayin'.
                            "Them boys ain't zombies! They're just stupid!"

                            Comment


                            • #15
                              Quoth underemployeed View Post
                              I mean shit, if your gonna have a password list why not just make EVERYONE use the same damn password, would be a lot simplier.
                              Why stop there? Why not stash the key to the front door of the building under the doormat?
                              Sometimes life is altered.
                              Break from the ropes your hands are tied.
                              Uneasy with confrontation.
                              Won't turn out right. Can't turn out right

                              Comment

                              Working...
                              X