this post was submitted on 24 Jul 2023
990 points (98.3% liked)

Programmer Humor

32415 readers
610 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 
top 50 comments
sorted by: hot top controversial new old
[–] AnonymousLlama@kbin.social 80 points 1 year ago* (last edited 1 year ago) (6 children)

Need the opposite costume, the overly eager sys admin.

  • wants to force password changes once a month for security
  • constantly changing security policies to reflect the flavor of the month
  • constantly sends out phishing emails tests, wonders why no one replies to any of his emails
[–] RarePossum@programming.dev 19 points 1 year ago (1 children)

My fucking uni is trying to move to passwordless, but you will always need a password to log onto any lab device, and to the wifi, so why?

[–] newIdentity@sh.itjust.works 8 points 1 year ago (1 children)

I mean you don't actually need a password for that when it's implemented the right way

[–] metaStatic@kbin.social 16 points 1 year ago* (last edited 1 year ago)

...implemented the right way

see

...you will always need a password

[–] idunnololz@lemmy.world 17 points 1 year ago* (last edited 1 year ago) (2 children)

A website once complained my password contained 3 consecutive letters there were 1 away from each other. This was back when I used sentences for passwords. It was complaining about the word worst because of r-s-t.

That's wack. Passphrases are second only to random passwords generated by a password generator in terms of security, character proximity doesn't matter with that much length.

[–] weariedfae@lemmy.world 2 points 1 year ago
[–] Pyrux@programming.dev 10 points 1 year ago

Then they have you make it some 12 character length minimum string with mixed case and special characters and dictionary lookup so it isn't some common phrase but you're also logging in through a telnet instance onto a Unix system.

[–] MaxVerstappen@lemmy.world 8 points 1 year ago

As someone in the InfoSec field, I also hate those people.

[–] magic_lobster_party@kbin.social 5 points 1 year ago* (last edited 1 year ago) (1 children)

Sysadmin: “A clear indication of phishing email is the sense of urgency. We would never send out any email regarding urgent updates that needs immediate action.”

Also sysadmin: “URGENT!!! You must update your system now before Friday!!! Click link here for instructions! Otherwise you will be locked out!”

[–] AnonymousLlama@kbin.social 3 points 1 year ago

Spot on. We're changing XYZ policy and we need everyone to do this training within the week. Wait, why's no one opening my emails

[–] tchotchony@mander.xyz 1 points 1 year ago

Then do this to computer-shaped instrument controller systems that have accounts that can not have passwords changed or the application won't run. Or service accounts, so if you pop in after 6 months, nobody knows the current password and the IT guy only comes in 2 hours/week. And that was yesterday. And no, no contact information present...

[–] HairHeel@programming.dev 57 points 1 year ago (2 children)
  • Installs antivirus on servers that wrecks application performance
  • installs content filtering proxy that prevents developers from reading “hacking materials” like OWASP documentation
  • won’t let developers install anything on their own machines without filing a ticket and waiting 6 weeks
  • pushes unannounced antivirus updates that pop up OS security dialogs like “Netscan Antivirus would like to monitor all network traffic. Enter your password to approve”, and is surprised when users don’t enter their passwords.

Your corporate IT guy

[–] Wojwo@lemmy.ml 9 points 1 year ago (1 children)

Sigh. Their hearts are in the right places...

load more comments (1 replies)
[–] kd45@lemm.ee 8 points 1 year ago

We might work at the same company lmao. My laptop is borderline unusable due to all the monitoring garbage despite having really fast hardware

[–] vzq@lemmy.blahaj.zone 51 points 1 year ago (5 children)

Password expiration is no longer considered a best practice. FYI.

[–] demonsword@lemmy.world 10 points 1 year ago

Yes, that's true, and hasn't been considered so for a long time

[–] netvor@lemmy.world 2 points 1 year ago (1 children)
[–] poop@lemmy.blahaj.zone 3 points 1 year ago (1 children)

Encourages users to just add a rotating number or other not too secure thing to their password. I know that’s what I did when I worked somewhere with that dumbfuck policy.

[–] fadedmaster@sh.itjust.works 6 points 1 year ago

Yep. My least secure password is the one I use at work because I'm restricted to 9-12 characters, can't be sequential forwards or backwards including keys next to each other (abc, 123, qwerty), can't begin with a number, must contain at least three numbers, must be at least four characters different from your last twelve passwords, and must be changed every 90 days. Oh and it can't include your first or last name.

Most of my coworkers just use a family members name and then change a few numbers at the end and keep a post it note at their desk with the numbers so they don't forget it.

[–] Dubious_Fart@lemmy.ml 2 points 1 year ago* (last edited 1 year ago) (1 children)

It was never best practices for anyone who had common sense.

It just forced people to make insecure, easy to remember passwords, cause they were gonna be changed in again soon so why make it complicated and hard to remember.

[–] phar@lemmy.ml 3 points 1 year ago (1 children)

I know I do this. Add another exclamation mark.

[–] pezhore@lemmy.ml 2 points 1 year ago

Psh... That's amateur, I just keep incrementing the number at the end 'password1', 'password2', etc. Gotta fool the password reuse counter!

[–] flashgnash@lemm.ee 1 points 1 year ago (3 children)
[–] vzq@lemmy.blahaj.zone 8 points 1 year ago* (last edited 1 year ago)

NIST removed password expiration from their recommendations in 2020. Instead they recommend only forcing password changes when compromise is suspected.

The main argument is that they do not make users or systems demonstrably safer and encourage bad password habits.

[–] Reddit_Is_Trash@reddthat.com 6 points 1 year ago

I would imagine most users change their password by only 1 character, and maybe even in sequential order.

When time comes to change the password, it becomes password1234 instead of password123. Or password234. Something easy to remember, most users don't care about best security practices, and changing to a similar password is very convenient. Especially if it's "only" for work stuff

[–] pkulak@beehaw.org 2 points 1 year ago

The original idea was that you would take how long it took to brute-force a password, then require the password be changed before that. But we have better hashing now, like bcrypt, where you can tune it so that brute forcing anything would take 100s of years.

[–] Judgy_McJudgerson@lemm.ee 41 points 1 year ago (2 children)

“What do you mean this password is too short? I use it for everything!”

[–] Lepsea@sh.itjust.works 9 points 1 year ago

"how many times do i have to tell you that your name + your birthday date js not a good password!"

[–] reverie@lemmy.world 5 points 1 year ago

Needs a special character?

Password123!

[–] geekworking@lemmy.world 38 points 1 year ago (1 children)

Even worse is the CEO.

He needs access to everything and he's far too important to waste time with security.

[–] Noughmad@programming.dev 11 points 1 year ago

This is the reason why those scams are so successful:

"Hi this is the CEO, wire $10000 to this account right now, we need it there yesterday. I don't have time to talk, just do it. Bye"

[–] wholeofthemoon@lemmy.world 29 points 1 year ago

"My files are highly confidential"

password is suburb+suburbpostcode

[–] DragonAce@lemmy.world 19 points 1 year ago

I used to have a lady I worked with who was like this. She had the common sense of a fucking carrot and was dumb as shit. What was weird is she was highly skilled in the one job she was hired for, the rest of the time she would click on everything and I would had to fix her computer multiple times a week. One time I tried to walk her thru something on the phone and I told her to click on an icon, her response was "Whats an icon?"

[–] Dubious_Fart@lemmy.ml 19 points 1 year ago

I bet he also picks up USB sticks from the parking lot and plugs them into his work computer.

[–] Saigonauticon@voltage.vn 16 points 1 year ago

On the other side of things, don't you love systems that return "invalid password: password is not unique"?

[–] Nfntordr@lemmy.world 13 points 1 year ago (1 children)

The cybersecurity email tests I get at work are so transparent - Hi user, You have an unpaid invoice, please follow link to pay immediately.

I wish I could I could reply no I don't fuck off but I'd probably get in trouble lol

[–] magic_lobster_party@kbin.social 13 points 1 year ago (2 children)

At my work the company wanted to show some gratitude and sent out email with free ice cream vouchers to everybody. Many suspected this was just another one of these cybersecurity email tests, so the company had to clarify it’s all real.

I think it’s hilarious the thought about hackers using ice cream as bait. Maybe that would work?

[–] flashgnash@lemm.ee 4 points 1 year ago

Evidently not at your company

[–] Nfntordr@lemmy.world 4 points 1 year ago

Well, I guess it's good that people were being vigilant. But yes, I guess anything could work

Clicks on everything or is too scared to click on anything and never learns how to use the software

[–] kkard2@lemmy.ml 9 points 1 year ago (1 children)

wait untill you hear "if i remember correctly my email password was {name} {surname} something @ gmail.com... what do you mean that's not it? why do i even need a password?"...

[–] yeather@lemmy.ca 5 points 1 year ago

Fuck my email is (first name)(last initial)(birthday and month)@gmail.com

[–] zerkrazus@kbin.social 7 points 1 year ago (1 children)

Searches for things online by typing it as a post on social media instead of using a search engine as in: "Google what is the weather like today near me?"

load more comments (1 replies)
[–] Crackhappy@lemmy.world 4 points 1 year ago (1 children)

Hey. Password123 is progress, right?

[–] sik0fewl@kbin.social 9 points 1 year ago (1 children)

They made me change it, so it's Password124 now.

[–] Cirom@sh.itjust.works 5 points 1 year ago

... And then 2 months later, "why can't I log in"

load more comments
view more: next ›