Quote:
Originally Posted by Sly
The amount of people that use terrible, repeated passwords makes my head spin.
Last spring I was called in to a client for disaster recovery. This company with almost 500 employees was hit with ransomware. The company chose not to pay it (smart!). Instead, I put a plan in place to re-format and re-image every single machine with domain credentials and Azure Active Directory identity management. I set up a plan to do it, trained some employees to help, and made an assembly line of clean-up / re-image of every single user. It worked like a charm until...
... their help desk started getting complaints from the employees that their old passwords could no longer be used. They would call and "insist" that they be allowed to use their old passwords like "password" and "12345" (no damn kidding), felt entitled, and threatened to go over the poor tech support people's heads to the boss and "get them fired" unless they could use their old passwords.
Explaining that the new password policies had to be more complex and longer because of cyber-security issues meant nothing to some of them.
I felt so bad because the disaster recovery effort went pretty well but took almost 3 weeks to fully recover from when it should have taken only 2, thanks to the low-security-aware / don't-give-a-fuck employees. Wow.