I was given a couple store passwords that I will never use, but if I did would cause some damage. I also figured out the 'algorithm" for the critical passwords so if one gets changed it would be less than trivial to suss the new one.
For some reason, us peons are held to a stricter password policy than managers; employee intranet passwords have requirements that the manager passwords are able to ignore with impunity.
Announcement
Collapse
No announcement yet.
We REALLY care about network security
Collapse
X
-
I don't know if the password he gave me would let me access everything, and I'm not going to try it (obviously). But he just handed me the "[bank initials]admin" password over the phone.
If our IT guy (the part-timer) has different roles and access levels set up... well, it's never been relayed to me.
Leave a comment:
-
...the IT department doesn't understand how to make different levels of 'admin' access? Everything-or-nothing access?
May I just say 'Holy [CENSORED] [CENSORED] [CENSORED]'?
The part-timer... yeah, I can understand that one not being up to handle everything. The IT head not having roles and access levels set up... :facepalm:
The bookkeeping head just handing out the keys to the kingdom :doublefacepalm:
Leave a comment:
-
We REALLY care about network security
Every so often, we get emails at work for a new piece of training we have to complete. It's pretty amusing. The latest one was how to avoid phishing and so on. It was set up as if a hacker was doing a livestream with viewers asking questions and so forth. He even had a "free Kevin" bumper sticker in the background. (The company that does the training is owned by Kevin Mitnick, so.) One of the things he talked about was stealing passwords from a former employer and using them to steal tens of thousands of dollars from the company.
Today, I was helping a coworker get Adobe Reader set up on her pc so she could more easily print pdfs. It's a core function of her job. I don't know why it isn't one of the standard pieces of software that's installed when IT sets up a new PC, but whatever. I called up the head of our bookkeeping department. Without hesitation, he gave me the administrator password. To the entire network. And he trusts me with it because I'm the only tech savvy employee at our branch. It's more convenient to have me install software than to have the part-time IT guy remote in to install it.
The irony is not lost on me.Tags: None
Leave a comment: