It’s similar in IT. Almost no one recommends regular password changes anymore, but we won’t pass our audit if we don’t require password changes every 90 days.
When we first switched to JD Edwards, it still sent the passwords in plain text, and our Oracle partner set up our weblogic instances over http instead of https.
I had to prove I could steal passwords as just a local admin on a workstation before they made encrypting the traffic a priority.
A very non-techy relative works in a company that requires password changes every month. At this point his passwords are just extremely easy to guess and basically go like 123aBc+ and variations of it.
Our IT department won’t allow password managers. Their current stance on what we should do instead is “Uh, we’re working on it”. So everyone at work uses weak passwords and writes them down in notepad. headdesk
It’s similar in IT. Almost no one recommends regular password changes anymore, but we won’t pass our audit if we don’t require password changes every 90 days.
Same vibe as management buying Oracle products because it’s “trustworthy”.
When we first switched to JD Edwards, it still sent the passwords in plain text, and our Oracle partner set up our weblogic instances over http instead of https.
I had to prove I could steal passwords as just a local admin on a workstation before they made encrypting the traffic a priority.
the only way this gets fixed is when the audits say to follow NIST recommendations.
A very non-techy relative works in a company that requires password changes every month. At this point his passwords are just extremely easy to guess and basically go like 123aBc+ and variations of it.
Yeah, no clue how that caught traction.
Our IT department won’t allow password managers. Their current stance on what we should do instead is “Uh, we’re working on it”. So everyone at work uses weak passwords and writes them down in notepad. headdesk