2

I've been working here for a little under a month keep hearing about them not remembering passwords, or not being able to access something due to a rarely used forgotten password, so I decided to Set up a shared password manager for the team using keepass and a generic intranet setup, pulled a password csv from one random on the floor person's chrome to start with. Turns out they ALL sync data from the owners account, and the owners saved passwords include HER payroll login info, and the accounts for ebay, amazon, etsy, basically anywhere you can buy anything....
yeah I think this is gonna need to be a conversation with her soon.

Comments
  • 1
    Why? I'm allowed to use my work laptop privatly. I guess she does it too?
  • 2
    @Tr33 what i mean is that anyone in the company can see her login for the payroll system, login to her amazon or ebay accounts, and the logins for a number of other administrative stuff that the typical employee shouldn't see i did test the payroll one hoping that it didn't work that she did accidentally share that one but changed it soon after.

    Nope it worked, immediately told her what the fuck she's doing by having everyone use her chrome account of passwords and bookmarks and i'm not working on fixing the issues and hoping no one has been abusing anything
  • 4
    @jester5537 bloody hell.

    Someone needs tutoring ASAP.

    That's a security black hole and incident.... Dios mios.
  • 1
    @IntrusionCM yeah, i started setting up the local password manager as a little 'here's a bit of help and time saving' thing now it's turned into 'lets get everyone off the same fucking account' thing

    I'm not even the security guy, we don't have one yet but even i know that this shit is fucked DX
  • 0
    I still don't get it.

    You exportet her password from her computer. Well then you should also remove all of her personal password and only import the system passwords.
  • 0
    @Tr33 I exported from a normal employee's computer. Not the boss's. But the boss's data was on it
  • 0
    @jester5537 you didn't say that in the beginning.
  • 0
    @Tr33 i said in the middle "random on the floor person's chrome" I also later said they all sync data from her chrome account which isn't always a bad thing. But in this situation since she uses her account to save random stuff giving employee's access to her stuff. It is bad

    I probably could've been clearer but ehhh
Add Comment