Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
On the plus side, this incident *just so* tipped the scales for me to convince management we need to turn on 2FA. Just so. It was still embarrassingly close.
N00bPancakes8904186dWell he's good at making it clear that you made the right choice!!!
I've been managing some apps I made .... and the god damn users and their passwords and fuck guies. The amount of people who are sure their password is X and it never has been (because you never fucking finished registering) and so forth is killing me.
That and "I didn't get the password reset email. Shit..."
I'm creating a new system for these things called FUCK YOU HERE RESET YOUR PASSWORD <LINK> combined with NO THIS IS THE FUCKING SITE YOU USE IT ON that I can just send out at the sign of any trouble....
I should have done that long ago but stupid me had faith in humans.
The actual solution is to fire that employee.
2FA doesn't magically make him immune to social engineering in general.
He will keep being a huge risk for the company as anyone can just talk him into granting physical or elecronic access to everything accessible to that employee.
@Oktokolo Oh I'm aware, I can only hope it'll make it harder for him to screw things up. I also have no intention of helping him save the password; if he ever needs it he can come to me for it. Honestly I'm surprised he hasn't been fired long ago. Nobody likes him, including the company owner. But unfortunately it's not my call. *shrugs*
Demolishun12672186dSome people have jobs because of blackmail.
Also his password he wants to use: 12345
In that case: Try to restrict his privilegues as much as possible without it making it look like mobbing. He probably has already executed greeting cards and opened fishy "invoices" which came in by email...
Make sure that ransomware can't spread from his devices to the rest of the company.