The Oklahoma Department of Education can't log in to its own website because the person who had the password left and didn't give it to anyone. They haven't been able to login for 2 years.
IT Staff: "Hey this person is leaving should we do knowledge transfer?"
People running things: "Naw IT is a waste of money and does nothing. Why would we want to waste more money to pay someone to explain how the system works?"
This conversation has happened a non zero amount of times in my life.
My favorite was that "IT is a waste of money because it doesn't make any SALES" at a retail chain. Never mind who was maintaining the point of sale software, the company's wholesale and retail e-commerce websites, the corp office inventory databases and integrations from the remote POSes, etc.
Naw, it's not a team effort in the slightest. Just shit on anyone who doesn't work on commission.
I think it's actually the most common sentiment among those who decide such things. It's only the commitment of the IT people to doing decent work that keeps those things from falling apart.
i'm thinking it's the password to the hosting account itself rather than the website back end. having worked in hosting, the number of small business tyrants who pay somebody to set up and manage their website and then fire them without ever getting any login details is hilarious. They're always enormous fucking assholes about it, too.
honestly based. everyone should have insecure passwords when working for a corporation. you should also message your local hacker group that the corporation is vulnerable
Setting unreasonably complex “strong password” requirements and making everyone choose a new password every three months to social engineer the use of sticky notes on screens
Sounds more like everyone used [realname][number] as their password because IT decided that changing your password every couple months is the most "secure". Even though it's not and causes [realname][number] passwords in the first place.
The adrenochrome factory made me do some shit like that so I started keeping a sticky note with the log in name and password on the monitor and the password for some other system in a clear text .txt file in the documents tab titled "[other system] password"
There may have been some password expiration set for the windows users, but I'm referring specifically to their database. My trainer literally told me that although I could change it if I wanted to, nearly everyone kept the same default password.