Last week, our web developer learned a hard lesson, 3 times. He was away on vacation, and one of our favorite things to do at No-IP is to play pranks on our fellow co-workers when they are out of the office for an extended period of time. We brainstormed ideas and finally decided to mess with his computer a bit.
The only issue was that his computer was locked and we didn’t have the password, until we looked at his password hint and realized it was the actual password. UH, REALLY?! Anyway, we took it easy on him and decided to only update his DNS host, so when he tried to visit Reddit, it went to Digg, and when he tried to go to Google, it went to Bing. He came back from vacation and quickly realized something was awry. Lesson learned, right? WRONG.
Later that day, we decided to move all of the developers into the conference room for a few days so they could easily discuss and hash away at a big project. Jokes had been made about password security and network security, and everyone thought that he would wise up and make the necessary changes. Turns out, he didn’t. His password was still the same one that we had hacked the day before. All jokes aside, we told him it was very important to choose a strong password and to keep it to himself.
He headed home for the night and, after he had assured us all that, quote, “we would never guess it”, we decided to see if we could hack his password again. We checked out his password hint and our brains instantly started turning. 10 minutes later, we had hacked his password. It was the exact same one, with a more subtle hint. We all stood in shock as we realized that we had just hacked his computer for the 3rd time and that he was too lazy to change his password!
The next day he changed his password and admitted that it was stupid to be so blasé about it. Strong passwords are very important to network security, online account security and so much more! We haven’t tried to hack his computer lately, but hopefully he has learned his lesson. What are your tips for creating strong passwords? Check out these 10 tips for choosing strong passwords.
How blinking stupid, defiant, and arrogant does a developer have to be before being fired from no-ip after two episodes of refusing to create a new strong password? If this person was creating anything that affected customers’ security, the whole company would be liable for suits and criminal charges.
Using common substitutions and silly capitals just makes a PW hard to remember and is actually trivial for PW guessing programs to cycle through. Using a leap-of-thoughts phrase which means something to you can be much stronger. E.g. “cytefuchssnib” would be dead easy to remember for me but most likely meaningless to anyone else. It could be made stronger by inserting numbers, e.g. “cyte4fuchs2snib”.
XKCD captured the issue nicely: http://xkcd.com/936/
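The two failures this page turns on, a password hint that restates the password and “common substitutions” that guessing programs undo with a mangling rule, can both be caught at password-set time. The checker below is an added example (not No-IP’s code, not the commenter’s, and not a production policy engine): it normalises leetspeak the way rule-based crackers do, looks for a dictionary word underneath, refuses hints that echo the password, and gives a naive brute-force entropy estimate. The word list, substitution map and the 60-bit threshold are constructed assumptions for the demo; a real deployment would load a large dictionary and a breached-password list instead.

```python
"""Password-policy checks for two weaknesses: leaky hints and leet-mangled dictionary words."""
import math
import re
from typing import Optional

# Constructed mini word list for the demo; a real check loads a full dictionary
# and a breached-password list.
COMMON_WORDS = {
    "password", "welcome", "summer", "dragon", "monkey",
    "letmein", "qwerty", "admin", "reddit",
}

# Substitutions that rule-based crackers apply automatically, so they add almost
# no strength. Mapping is symbol -> letter it usually stands for (assumed table).
SUBSTITUTIONS = {
    "4": "a", "@": "a", "3": "e", "1": "i", "!": "i", "|": "l",
    "0": "o", "$": "s", "5": "s", "7": "t", "+": "t",
}


def deleet(password: str) -> str:
    """Undo common substitutions and lowercase, mimicking a cracker's mangling rules."""
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in password).lower()


def letters(text: str) -> str:
    """Keep only a-z so that digits or symbols glued on the ends do not hide a word."""
    return re.sub(r"[^a-z]", "", text)


def dictionary_root(password: str, max_padding: int = 4) -> Optional[str]:
    """Return the dictionary word the password is built on, or None.

    Heuristic: after de-leeting, the password is a known word plus at most
    `max_padding` extra characters (the usual 'append a year / symbol' rule).
    """
    norm = deleet(password)
    hits = [w for w in COMMON_WORDS if w in norm and len(norm) - len(w) <= max_padding]
    return max(hits, key=len) if hits else None


def hint_leaks_password(password: str, hint: str) -> bool:
    """True if the hint restates the password or the word it is built on,
    ignoring case and leet, or is itself a chunk of the password."""
    p_core, h_core = letters(deleet(password)), letters(deleet(hint))
    if len(h_core) < 3 or not p_core:
        return False
    root = dictionary_root(password)
    return p_core in h_core or h_core in p_core or (root is not None and root in h_core)


def charset_entropy_bits(password: str) -> float:
    """Naive brute-force estimate: length * log2(size of the character classes used)."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^A-Za-z0-9]", password):
        size += 33  # printable ASCII punctuation
    return len(password) * math.log2(size) if size else 0.0


def evaluate(password: str, hint: str = "", min_bits: float = 60.0) -> dict:
    """Run all checks; the password is acceptable only if no finding is raised."""
    findings = []
    root = dictionary_root(password)
    if root:
        findings.append(f"built on dictionary word '{root}' with predictable mangling")
    if hint and hint_leaks_password(password, hint):
        findings.append("hint reveals the password")
    bits = charset_entropy_bits(password)
    if bits < min_bits:
        findings.append(f"brute-force estimate only {bits:.0f} bits")
    return {"bits": round(bits, 1), "findings": findings, "acceptable": not findings}


if __name__ == "__main__":
    for pw, hint in [("P@ssw0rd1!", "my usual password"), ("cyte4fuchs2snib", "the usual one")]:
        print(pw, evaluate(pw, hint))
```

Note that the entropy figure alone would have passed “P@ssw0rd1!” (ten characters drawn from all four classes), which is exactly the commenter’s point: the dictionary check, not the character-class count, is what exposes a mangled word, while the made-up phrase passes both.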
Peter, calm down. Obviously this is part of the culture; queuing is very common among technical companies, and to be otherwise stifles creativity.
His personal computer password amongst trusted colleagues would surely be different to mission critical sensitive work.
Just goes to show that you can’t trust your work counterparts! I’m reminded of an intern who forgot to defcon his computer to his desk. Needless to say, we hid it in our IT manager’s filing cabinet till he got back. Sometimes a subtle reminder is all they need to follow policy. We’re all human after all and prone to mistakes. The severity of the mistake is what needs to be avoided… Challenger O-rings, anyone?