Sounds like your IT department needs to get with the big bosses and get straightened out. But yeah, my entire team went to bat for the others at the installation and got the big boys and IT in the same room for a pow-wow. It was a classic case of the right hand not knowing or understanding what the left was doing. We had the same kind of employment contract, sure, but when following the rules leads to less effective work that leads to money being lost or wasted, heads get shown the guillotine even if they don't roll
We have no actual IT policy at my work. But as of late, Wilders has been blocked for some reason, so I access it via an online proxy.
That might be because of the external links to untrusted websites and often new and unknown programs that get posted here.
No, I haven't. Interesting this topic should come up after reading a Sky News article about an Italian Mayor who has pulled the plug on internet access in council offices after discovering some employees were spending too much time on porn websites: http://news.sky.com/story/1059462/porn-mayor-pulls-plug-on-x-rated-web-surfing
I would say passwords as an IT policy often gets violated. Generally speaking, if they're not ridiculous with the restrictions set (periodic reset, amount of letters/digits, etc), then they're ridiculous by having lax policies or worse, not having any policies at all. Usually, the users are given an 'official' password for 1st-time login but unless prompted to, many would not change from the default if it's easy enough to remember. Otherwise, even if they changed it, most would use a common 'unofficial' password that everyone in the building knows. Then, there are those who set their own password BUT then due to working circumstances that leaves one with little choice, shares it with another party on the assumption of trust. A common scenario is where friend's account is locked out and need to be reset by the management (usually due to the stupid policies set or the system just plain sucks) and there's an urgent need for that friend to login to the system regardless of whose account is being used (even if it means violating IT policy) To add icing to the cake, you never know when this 'trusted party' might pass it on to another...for the same exact scenario. The list just goes on....
Well put, our password reset once a month and it can not be repeated, so we use Password123, then 123Password and so on. It also gets taped on the screen.
Hahahahahaha i also used to work in a place that had password policies, we had to restart it every 30 days . . . it was insane, my password was something like Ex. Password12345678
Yes, sort of. Years back, I was the IT guy for a branch of a non-profit agency. I did Terrible Things that the agency's IT head was scandalized by when he found out. For example, our counselors needed to be able to play back DVDs, so at my own expense, I installed DVD-ROM drives in stock Dell desktop computers AND GAVE THE USERS CHEAP SETS OF SPEAKERS Oh no, that could void the warranty! Even worse, it could complicate his secret master plot to switch the users to Linux thin clients someday! I also made the users non-Admins. The Pointy-Haired Boss spluttered that this was not good, they should be full-on Administrators and just educated to use that power responsibly. Keep in mind that when I came onboard, the password for the Domain Administrator was... (wait for it) ... Password. But with a capital "P," so it was secure. No one would ever guess that one. As part of the master plan to migrate off Windows (which they still have not achieved 5 years later), the PHB also forced FireFox down our throats, resulting in many late nights of manually updating about 80 computers by hand, as well as absurdly slow launch times (slow hardware, heavy-handed AV). I showed several users how to get The Evil Blue "e" working despite the lack of desktop shortcuts, and turned a blind eye to the use of IE when I encountered it. Anyway, there were no really serious repercussions. I eventually got fed up with the PHB's unrealistic schemes, and switched back to my alternate career. Where I work now, I have the computers locked down to my liking, but pay close attention to the users' needs and try to accommodate them, or at least explain why things are the way they are.
There are recently many DDoS in my country and hackers from Czechurity wanted to prove, that they can actually hack, so they hacked a bank's webpage with a message: "Your money has been lost somewhere." But the saddest thing about the thing is, that the admin has used the unique password: "Bank123". https://twitter.com/Czechurity
We have 2 IDs and 2 passwords at my job. They must be changed every 30 days. System remembers 2 previous passwords and all passwords for previous 2 months (or 30 days, I don't remember all these rules). Password must contain at least 8 chars, consist of at least 1 digit, 1 lowercase and 1 uppercase letter. The most surprising here is that nobody forgets all their passwords. Before they imposed these rules some guys had passwords like '123'. I have CTM 2.8 there so when i revert to some distant snapshot it's a bit difficult to recall the password for that time.
That's not a kind of question you expect honest answers in a public forum And the question is, have you violated - willing/knowingly/by accident? Mrk
I had 3 ID's and 3 Passwords where i used to work and we also had a 30 day reset policy. I never forgot my ID's and Pass but tons of my colleagues did . . . i dont know if they did it in purpose or it was really a mistake because everytime you forgot your password you couldn't do anything for a couple hours at least and most of the times it took 1 or 2 days . . . FREE DAYS!!.
Haha maybe that's why at my job they reset our passwords just the moment you come to the guy-in-charge for that.
In a world where "sharing is caring" and people find it cool to post Harlem Shake viral videos (where they don't even do the original dance move), people are more open to the idea of posting anything (literally "anything") publicly, even without much thoughts. I like.
Hahahahaha the problem was that in order to reset the passwords we had to contact the dept that is in charge of these things . . . which was not even in our building, in fact it was in another country and we had no control over it.