Pathetic Password Help Pages

I found some really pathetic password help pages on a company’s intranet while I was there visiting.

This is a large company that most people would recognize, and it is subject to plenty of government regulations. Overall, I’ve heard the security is pretty tight, but since I’ve never worked there, I can’t speak from experience. Except, that is, the experience I mentioned in an earlier post, Randomly Generate Weak Passwords. Perhaps all their security is what Bruce Schneier likes to call “security theater.”

Either way, how’d you like to be a security professional at that organization? You’d have to be very embarrassed about that site. I know if I worked there in audit or security, I’d definitely suggest that password generator be either taken down or improved.

They actually had ANOTHER bad page where you could check the complexity of your password (how do you do that when no complexity is required?), and here are some passwords that I entered that passed:

password (no kidding)
admin
letmein
12345678
querty123
abcdefghij

In fact, I could NOT enter a password that would fail. Perhaps the person responsible was an evil insider who was just gathering all the passwords entered? Just in case that was the situation, I entered these passwords in order:

ThisIsA
Really,really
pathetic
toolAndyou
MustBePath
eticToo!
HappyHunting

I guess this tool must be a sister to the random generator, an evil sister that should be locked away in a damp dungeon forever.


—————

Note: This post originally appeared as my reply to a comment left in Randomly Generate Weak Passwords. So does the fact that I’m recycling make this a green blog?


Filed under Audit, Humor/Irony, Security, Security Scout

2 responses to “Pathetic Password Help Pages”

    • ITauditSecurity

      dgodam,
      Poor security is always too familiar.

      I look forward to exploring more of your blog. I put your website in my LINKS page. Go to LINKS at the top of this page, then Information Security. Did I peg you right? Let me know. Thanks for stopping by and commenting. Please do so again, as I’d be interested in your opinion on a multitude of topics.

      You don’t allow comments on your blog?
