RosaCtrl

8y

We developed this website plus custom CMS for an university. I told them that we could host the entire system and take care of it for an annual fee but they decided to host it in house because security. The IT guy didn't ask for my public key, he sent me a password. By email. Less than 8 characters long. Only recognizable abbreviated words. And a dot.

undefined

security

Ranter

Comments

0

asphytotalxtc

144

8y

Fml.. #facepalm
0

ChrisCooney

1658

8y

There might be a bit of logic in that! Higher entropy in four English words than in a mesh of numbers and symbols. But 8 characters isn't long enough for a password!
1

RosaCtrl

268

8y

Yeah, my important passwords are made of some random words, but in this case you can count just three elements: two abbreviated words and a dot. And what makes it worst is that the two abbreviated words are related to the website.

Besides that don't you think that it is 2016 and all sysadmins should disable password log ins on SSH?

Related Rants

devRant © 2021 Hexical Labs LLC
Privacy Policy | Terms of Service