undefined | Better HN

0 pointsengtech13y ago0 comments

You realize that people use the same password on multiple sites?

given that people signed up using corporate email addresses, this could be used to hack internal networks of companies.

0 comments

3 comments · 1 top-level

Evbn13y ago· 2 in thread

Using a corporate password for any other site is a firable misconduct.

You'd better be prepared to fire half the corporate world. And then do it again the next month. Because people will never stop doing this.

hnriot13y ago

any decent corporate IT dept make sure you don't by forcing often password changes and having quite secure rules for length and charactes in a password. My corporate IT force quarterly password changes for VPN, NIS and SSO, which all must be different, all must be 8+ characters, all must have mix of upper and lower and numerics. They also store the hash of all previous passwords to prevent users from recycling.

So I think the onus of responsibility lies with corp IT and not HR.

3 more replies

j / k navigate · click thread line to collapse