Unbelievably stupid in 2022.

MuzzMelbourne

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
599
I find it incredible that there are people who still do this. I find it even more incredible that in 2022 software developer’s and system security personnel allow this sort of thing to happen.

apple.news

A Password Set To Password Leads To A $15 Million Ransom Demand — Forbes

There’s a long list of passwords that are so terrible that you should never, ever use them. Password is right at the top of the list.
apple.news apple.news
 
  • Like
  • HaHa
  • Wow
Reactions: Sorrento, ForgottenSeer 93475, byronbytes and 11 others
F

ForgottenSeer 94654

MuzzMelbourne said:
I find it incredible that there are people who still do this. I find it even more incredible that in 2022 software developer’s and system security personnel allow this sort of thing to happen.
Click to expand...
Cyber security personnel rarely have the authority to enforce policies and to take actions when employees do not comply or violate policies.

How you gonna police every single employee's digital usage even in a small company of 500 employees? It is an impossible task, even with monitoring software. And management rarely implements the things that cyber security personnel recommend. That's even if the company has qualified cyber sec professional on staff. More like an overburdened general admin expected to do it all.

When budgets get cut, cyber security is one of the first to get trimmed. "Do more with less (people)." And there you have it.
 
  • Like
Reactions: Sorrento, byronbytes, Back3 and 3 others
MuzzMelbourne

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
599
Fair enough. Point taken. Maybe developers could include code like, if(dangerous password) then(reject)else(accept) and refer to a nice long list of potentially dangerous passwords to make the call. I guess my point is, how is it still possible to set a password to “password”, particularly in these circumstances?
 
  • Like
Reactions: Sorrento and byronbytes
F

ForgottenSeer 94654

MuzzMelbourne said:
Fair enough. Point taken. Maybe developers could include code like, if(dangerous password) then(reject)else(accept) and refer to a nice long list of potentially dangerous passwords to make the call. I guess my point is, how is it still possible to set a password to “password”, particularly in these circumstances?
Click to expand...
Few companies validate authorized access configuration inputs whether for their OS, their apps, their infrastructure or their websites. Then you have the user - lots of companies don't want to be held responsible for protecting against "stupid" so they put the entire onus onto end user in the EULA. Well, making the end user responsible for just about everything is standard software & digital industry practice.
 
  • Like
Reactions: Sorrento, byronbytes, Back3 and 1 other person
F

ForgottenSeer 94654

MuzzMelbourne said:
Amazing. Huh, you learn something new every day. Digital buck shifting!
Click to expand...
Some website developers are recognizing the need for strong passwords and making it such that the user must use them to create an account.

But what are you supposed to do in a 1000 person company, with only 2 admins, and they use the word "password" as the password for all their admin stuff on every single device in the company ? It is admin negligence, but at the same time those admins can be so overburdened and their management won't listen to them. So it is not so straightforward. You have to remember, unless something is mandated by law, companies will not do it. Companies want the pleasant fiction of a one-button solution that works silently and seamlessly and solves all their security problems. They don't want to hire the small army of security staff needed to properly protect even a small commercial network. Management does not understand security typically and they don't understand why something they have just downloaded is being blocked. Overall, the reality out there, while getting better, is both absurd and dismal. But revenue and profits always comes first.
 
  • Like
Reactions: byronbytes and MuzzMelbourne
byronbytes

byronbytes

Level 2
Mar 30, 2022
51
They should make it so you just can't make your password password, or anything generic in that case. It's just like this image here
1649097025610.png

It's a gate alright, but you can literally just walk around it with no effort. Password is the most commonly bruteforced password that hackers go for, so why use it?
 
  • Like
  • Wow
Reactions: Sorrento, MuzzMelbourne and ForgottenSeer 93475

Similar threads

vaultedlogic
    • HaHa
Advice Request 40+ Passwords Found in Data Breach - Help Me Understand What Actually Happened
Replies
24
Views
1,716
General Security Discussions
bazang
bazang
Victor M
    • Like
Serious Discussion Why you shouldn't dabble in Cryptocurrencies
Replies
6
Views
729
General Security Discussions
BulletKnowledge
BulletKnowledge
SamStam
    • Wow
    • Like
Serious Discussion General question about hacks
Replies
7
Views
1,039
General Security Discussions
Victor M
Victor M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top