That intern who used "Password123" for the company CRM

I work at a small marketing firm in Austin, and last week I noticed our intern kept logging into our client database without any two-factor prompts. Turns out he set his password to "Password123" and disabled the MFA because it was "annoying." I only caught it because the audit log showed 12 failed login attempts from a random IP in one afternoon. Has anyone else dealt with coworkers who fight you on basic security steps like enabling two-factor?

2 comments

2 Comments

eric_price3d agoMost Upvoted

Bro this is way too common lol. Had a guy at my last place who set his work laptop password as "password1" and got genuinely mad when IT made him change it, said it was "too complicated now." People really don't get that hackers are literally just trying the most basic stuff first and that one weak link can mess up everything for everyone.

derek_burns3d ago

The "Password1" guy getting mad is what gets me. Like it's literally the same thing with a number tacked on, hackers have been cracking that one for a decade. What was his actual excuse for thinking that was secure? Did he say anything about why he thought disabling MFA was better than taking two extra seconds to approve a phone notification?