Manager: Hurry up and login, I don’t have all day

Dev: One sec I have to lookup my password for the system

Manager: How can you not remember your password? Everything requires it these days

Dev: I use a different password for each service.

Manager: Wow you really like to overcomplicate things. Just use the same one for everything like I do, it’s way more efficient!

Dev: …

Start asking about pets, birthdays, anniversaries.

Sounds like an easy mark to me...

Why are you still working there? I'd have fled a long time ago lmao

@swagnette Waiting for the right offer, minus these outbursts of stupidity I’m paid well and given a lot of freedom/flexibility.

@sariel Lol, why beat around the bush? He’d probably just tell me if I asked

Or better still:

"New corporate policy mandates a minimum 15-character password, a mix of case, at least one number, at least one special character, and it will sync across all our apps in all environments, and there will be a forced change every 60 days"

My wife, who's not in IT and is generally not especially computer-literate, looked at that over my shoulder and said "wait, nobody's gonna remember a password like that, it'll be a huge pain in the ass, they're just gonna write it down somewhere... and I remember watching WarGames with you, won't that make everything LESS secure?"

Why yes, my dear. Yes, is abso-fucking-lutely will.

You keep doing you, you're doing it right. Just be aware that there are even deeper levels to security theater than what your boss is suggesting, and even the biggest companies in the world fall victim to this stupidity.

@fzammetti i've got a fix to get around that dumb "you have to change your password"-policy that a customer instated.

my account was locked once (because i was away for 2 weeks - slightly longer than the period between "you get a memo to change your password" and "your password expired"), and had to get an admin to give me a new password. they gave me a temporary password. which i just never change.

@boombodies stay a little longer, I love your stories. It's why I'm subscribed 😂😂❤️

@tosensei That's actually genius :)

@iSwimInTheC lmao yeah my devrant karma income is going to take a hit when I move onward hahaha

But then there’s alway’s my wife’s tech job, no shortage of content available from them either

@fzammetti @tosensei Best I’ve done is change my password for a small company I worked for awhile back to something along the lines of “we do not hash our passwords” and called into their manual dial in forget password service and had their service rep “remind” we what I set my password to.

… She didn’t get it.

@boombodies I can't believe in this year passwords are being reminded of by a service rep. Oh your company deserves its own twitter satire page. It's a webcomics content mine.

@tosensei your temp password didn't expire?

There's companies which impose this password change requirement because of clients. Then there are companies which do it of their own. Stupid stuff. But they hire security specialists. I am curious what scenarios made them decide that the password change works. There must be some reason.

@anux `I am curious what scenarios made them decide that the password change works`

to be blunt: the scenario in which they are complete and utter idiots who are so stupid, they wouldn't find their own arse if you told then to sit on their hands. (which is the scenario in which we live in)

they're the kind of company that would fill The Daily WTF without leaving any storage for the others.

@tosensei I share your frustration.
But the security guy at a previous employer had good credentials. He was experienced and even gave talks at multiple infosec conferences. His advice was generally good and well researched. Yet this is the same company that instituted password change policy and it works with business customers not clients. So there would have been a reason for it.
Maybe that reason is customer confidence, or some ISO compliance or some way to shrug responsibility. I don't know. I'm not saying the reason will be good or bad. Just that this is something that would untie a knot in my head.

In my previous job it was forbidden to own password manager, but every login had to be unique. It was virtually impossible to remember all those long random passwords, so people were saving them to notepad or writing them down on yellow notes to stick them to display frame ¯\_(ツ)_/¯

at one company I worked for, the active directory (bruh..) was responsive to remote code execution (BRUH²..). some of the Devs were not really happy with the you've-gotta-change-ya-password-mate mentality and wrote a script for that.
the policy provided by @fzammetti got it covered pretty well, but there where some differences. you had to change your pw every 30 days, last 10 pws were not accepted by ad.

they nuked that "security policy" by applying a simple, but effective logic.

for i in {0..9};
do
if the password isn't accepted by ad;
then set FuckYou-$i!
else set fucking password
fi
done.

Who made him the manager......

@vedant-py other equally competent managers

He was right about the efficiency part 😐