Reply to post: We could enter what password we wanted...

It's 2016 and idiots still use '123456' as their password

Anonymous Coward
Anonymous Coward

We could enter what password we wanted...

Internal management tools managing massive amounts of our client's clients data, and we could log in after requesting a temp password as long as it was more than 6 characters long. We found out that there was no complexity rules (despite the doc saying there was). Incident logged and ignored.... until I did a presentation for new features to the CTO and the Security Director and selected "000000"... Got reamed by both until I presented the unprocessed incident from 2 years back showing the "critical" incident got stuffed in the "one day" backlog - by that same CTO...

Anon because I still work there...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019