
Behind every stupid user is a stupider security professional

Discussion in 'CSO' started by RSS, Mar 14, 2016.

  1. RSS

    RSS New Member Member

    Like most IT people, I love reading “stupid user” stories. As long as you don’t have to deal with them, they are generally relatable and entertaining. When I saw an article where a Reddit string asked for IT people to submit the most idiotic things “non-IT people” asked them, I had to click. I soon became very disappointed, but with the IT people.

    While the supposed “idiotic” things are not necessarily security-awareness related, they very well could be, and that is even more concerning. When a user says, “The computer forgot my password,” which is one of the “idiotic” quotes, the IT person probably thinks that the user should know their own password, which they should. However, I consider that it means that the user uses the save password function, and that in theory anyone can walk over to their computer and log into critical systems as them. While perhaps the system only saves passwords for a finite amount of time, a knowledgeable IT person should be asking what the user means by the system forgetting the password, and advise the person that they should never save the password.

