So my company (3 companies in one actually...we're the triforce...or something.) has recently been hacked by a tech's insecure password. The CEO has always insisted security take a back burner to fitting more customers per server, until now.
Last night, we rolled a change FORCING customers to change passwords, by setting a temporary password of random characters that is emailed to the email address on the account. The customer must log in using the password, then set a new password that adheres to the new limits: they must use 2 numbers, 1 capital letter, and at least 1 special character.
Apparently this isn't a popular move among the same group of customers who always accuse us of having bad security when their sites get regularly hacked for having a password of 'password1234'.
Fortunately, since I'm now a sysadmin, I don't have to talk to them any more, and I know all the techs resent and hate us as much as the customers who've flooded our phone trunks (they were so full at one time that customers were getting busy signals). Really feel sorry for the techs, and not so much the customers.
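The forced-reset flow the post describes (random temporary password set on the account, login with it, then a new password that must pass the 2 digits / 1 capital / 1 special rule), as an added illustration that is not the poster's or the company's code. Everything about the data model is assumed: the `Account` record, the 16-character letters-and-digits temp password, ASCII punctuation as "special", and PBKDF2 at a modest cost so it runs quickly here. The e-mail step is left to the caller; `force_reset` just returns the temp password once.

```python
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass

# Policy from the post: at least 2 digits, 1 capital letter, 1 special character.
MIN_DIGITS, MIN_UPPER, MIN_SPECIAL = 2, 1, 1
SPECIAL_CHARS = frozenset(string.punctuation)  # assumption: "special" = ASCII punctuation

# Assumed temp-password format: 16 letters/digits, so it pastes cleanly from an e-mail.
TEMP_LENGTH = 16
TEMP_ALPHABET = string.ascii_letters + string.digits

# Assumed hashing: PBKDF2-HMAC-SHA256, per-account random salt. Production would use a
# dedicated password KDF (argon2/bcrypt/scrypt) at a higher cost; kept low to run fast.
PBKDF2_ROUNDS = 100_000


@dataclass
class Account:
    """Stand-in for the customer record (assumed schema, not the real one)."""
    email: str
    salt: bytes
    pw_hash: bytes
    must_change: bool = False


def check_policy(password: str) -> list[str]:
    """Return the rules the password breaks; an empty list means it passes."""
    digits = sum(c.isdigit() for c in password)
    upper = sum(c.isupper() for c in password)
    special = sum(c in SPECIAL_CHARS for c in password)
    problems = []
    if digits < MIN_DIGITS:
        problems.append(f"needs at least {MIN_DIGITS} digits")
    if upper < MIN_UPPER:
        problems.append(f"needs at least {MIN_UPPER} capital letter")
    if special < MIN_SPECIAL:
        problems.append(f"needs at least {MIN_SPECIAL} special character")
    return problems


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def verify(account: Account, password: str) -> bool:
    # Constant-time compare so a wrong guess does not leak how much of the hash matched.
    return hmac.compare_digest(hash_password(password, account.salt), account.pw_hash)


def new_account(email: str, password: str) -> Account:
    salt = secrets.token_bytes(16)
    return Account(email=email, salt=salt, pw_hash=hash_password(password, salt))


def generate_temp_password(length: int = TEMP_LENGTH) -> str:
    """CSPRNG-backed temporary password; random.choice() is not suitable for this."""
    return "".join(secrets.choice(TEMP_ALPHABET) for _ in range(length))


def force_reset(account: Account) -> str:
    """Replace the stored hash with a temp password and flag the account.
    Returns the plaintext once, for the caller to e-mail to account.email."""
    temp = generate_temp_password()
    account.salt = secrets.token_bytes(16)
    account.pw_hash = hash_password(temp, account.salt)
    account.must_change = True
    return temp


def login(account: Account, password: str) -> str:
    """'denied', 'must_change_password' (temp password accepted) or 'ok'."""
    if not verify(account, password):
        return "denied"
    return "must_change_password" if account.must_change else "ok"


def set_new_password(account: Account, current: str, new: str) -> list[str]:
    """Finish the forced change. Returns [] on success, else the reasons it was refused."""
    if not verify(account, current):
        return ["current password is incorrect"]
    problems = check_policy(new)
    if new == current:
        problems.append("new password must differ from the temporary one")
    if problems:
        return problems
    account.salt = secrets.token_bytes(16)
    account.pw_hash = hash_password(new, account.salt)
    account.must_change = False
    return []


if __name__ == "__main__":
    acct = new_account("customer@example.com", "password1234")  # constructed sample
    temp = force_reset(acct)
    print("temp password (would be e-mailed):", temp)
    print(login(acct, "password1234"))                      # old password no longer works
    print(login(acct, temp))                                # must_change_password
    print(set_new_password(acct, temp, "password1234"))     # refused by the new rule
    print(set_new_password(acct, temp, "Correct-Horse42"))  # accepted
    print(login(acct, "Correct-Horse42"))                   # ok
```

Two points worth keeping from this shape: the temp password is generated with `secrets`, never a seeded PRNG, and the account keeps a `must_change` flag so a customer who logs in with the temp password cannot do anything else until the new one is set.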