According to an employee with knowledge of the system, the password to the Louvre's video surveillance system was simply "Louvre" at the time of the robbery last month.
Nice. Meanwhile at the place I work, they have mandated 15+ character passphrases that must have a capital letter and a symbol, that must be changed every 6 weeks, but banned the use of password managers.
They also block yubikey and similar hardware tokens from corporate devices at the USB driver level, because “to stop the hackers!”. The only 2nd factor auth they allow is Microsoft Authenticator, and Windows Hello. At least it’s something I suppose.
my company doesn’t even allow passwords. everything is TPM+PIN/passkeys/FIDO2 from company managed devices on VPN… for the “low security” side.
Nice. Meanwhile at the place I work, they have mandated 15+ character passphrases that must have a capital letter and a symbol, that must be changed every 6 weeks, but banned the use of password managers. They also block yubikey and similar hardware tokens from corporate devices at the USB driver level, because “to stop the hackers!”. The only 2nd factor auth they allow is Microsoft Authenticator, and Windows Hello. At least it’s something I suppose.