I overheard a conversation in an office building the other day. From one open office door someone hollered, “Oh, it asked me for my password – do you know my password?” From two doors down the answer was shouted back: “It should be the same as everyone else’s, our street address.” I staggered a little and clutched at my chest as the light in the hallway dimmed.
Now I must assure you, fair readers, that this isn’t one of my friends’ places of business; I just happened to be in the wrong place at the wrong time. And you and I both know better than to believe it’s only an isolated incident. People will always prefer to go the easier route. What they actually want is “convenience,” not “security,” and they don’t see the potential threat, especially with something as simple and “harmless” as using the same passwords on all of their office computers.
Case in point – a few years ago there was a company just like this one. Everyone and everything used the same user name and password. (“Admin” and “12345678” – no, I kid you not and yes, it’s been changed now.) This arrangement worked just fine for them until one day someone was fired. He was just a little bit upset and took some time clearing some “personal files” from his computer’s desktop. A few hours after he took his last paycheck and left, someone realized that they couldn’t print. After rebooting they couldn’t log on, and then everything went down: network switches, printers, computer accounts, databases, everything. Why? The newly ex-employee had changed every password from the standard 12345678 one to a new one. He never did return their phone calls begging for the password, and the service call took three days of resetting network devices to defaults and cracking passwords on desktops. If he had had his own login, it would have been very hard for him to affect so many devices so quickly.
Moral of the story: default passwords that everyone knows are bad.
~Geof “what’s my street address?” Franklin