• @[email protected]
    link
    fedilink
    English
    1451 year ago

    Outsourced IT provider here:

    90% of businesses have basically zero IT security. Leaked passwords in regular use and no process or verification for password resets. As soon as someone complains that 2FA or password rotation is difficult it gets dropped. Virtually all company data is stored on USB keys, plaintext hard drives and on staff’s personal home devices.

    The reason they’re not constantly having their data stolen is because no-one cares about the companies either.

    • @[email protected]
      link
      fedilink
      381 year ago

      Isn’t password rotation a horrible practice because it makes people use passwords like “MyNewPassword15” since it’s the 15th password reset they’ve been forced to do?

      • @[email protected]
        link
        fedilink
        11
        edit-2
        1 year ago

        password rotation is generally not considered a “best practice” but not doing something because it’s not a best practice is only a good strategy if you’re actually going to follow the best practices. password rotation is less effective than a good password manager and long randomly generated passwords that are unique to each site. requiring passwords be rotated can be an impediment to using strong unique passwords, which is why it’s not a good practice.

        but a freshly rotated “MyNewPassword15” is a million times better than your password being “password”, or being the same thing you use on every sketchy website whose database has been breached a dozen times.

      • fakeaustinfloyd
        link
        fedilink
        61 year ago

        Password rotation for your “emergency” system account (the one that shouldn’t be root) still needs to be rotated every time someone with access leaves or changes job roles.

    • Flying Squid
      link
      fedilink
      291 year ago

      We have a custom backend website I have to log in for my work. You don’t have to use a password, just an email address. The only “security” is it’s on a weird URL that people wouldn’t likely know if they weren’t given it.

    • @[email protected]
      link
      fedilink
      41 year ago

      Password rotation is very insecure. No one should be doing that. I also hate when companies set maximum length for a password, like 12-16 characters. Bitch, my 32 character password is much more secure!

    • @[email protected]
      link
      fedilink
      31 year ago

      I believe Microsoft’s 365 platform helps a lot in that matter. Even without any security strategy or custom configuration M365 offers a better security level than those businesses could ever reach themselves.

    • Uriel238 [all pronouns]
      link
      fedilink
      -11 year ago

      Which might explain why medium sized companies that are not completely clean-nosed are happy to run Windows 10 with all its spyware elements running unregulated.

      It’s also terrible in the government sector, which is why the NSA’s huge database on US internet traffic is accessible to rivals like Russia, Iran and China.