Password advice

There have been news stories about how the Office of Inspector General, U.S. Department of the Interior, found weak passwords in the Department of the Interior’s Active Directory accounts.

The OIG report:
P@s$w0rds at the U.S. Department of the Interior: Easily Cracked Passwords, Lack of Multifactor Authentication, and Other Failures Put Critical DOI Systems at Risk
It has password advice on page 8:

NIST SP 800–63 recommends using passphrases instead of passwords …

Password vs. Passphrase Examples
Password = 5pr1ng*Ish3re
Passphrase = DinosaurLetterTrailChance

I believe the passphrase words have to be chosen randomly from a large word list to be effective, but it is easier to remember than a complex password.
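To put numbers on the "chosen randomly from a large word list" condition, here is an added example (not from the OIG report or NIST) that draws words with Python's `secrets` module and computes the entropy of the selection process for different list sizes. The 16-word list is constructed for the demo, and the 2048 and 7776 list sizes and the 64-bit target are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed 16-word demo list; far too small for real use (see entropy below).
DEMO_WORDS = ["dinosaur", "letter", "trail", "chance", "marble", "copper",
              "violet", "harbor", "pencil", "orbit", "walnut", "glacier",
              "lantern", "meadow", "ticket", "anchor"]

def clean_wordlist(words):
    """Lowercase, strip, and de-duplicate; duplicates would overstate entropy."""
    return sorted({w.strip().lower() for w in words if w.strip()})

def entropy_bits(list_size, n_words):
    """Bits of entropy when each word is drawn uniformly and independently."""
    return n_words * math.log2(list_size)

def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

def generate_passphrase(words, n_words):
    """Draw n_words with the OS CSPRNG (secrets), not the random module."""
    words = clean_wordlist(words)
    if len(words) < 2:
        raise ValueError("word list needs at least two distinct words")
    picked = [secrets.choice(words) for _ in range(n_words)]
    return "".join(w.capitalize() for w in picked)

if __name__ == "__main__":
    print(generate_passphrase(DEMO_WORDS, 4))
    # 7776 = 6**5 (a five-dice word list); 2048 = 2**11. Illustrative sizes.
    for size in (len(DEMO_WORDS), 2048, 7776):
        print(f"{size:>5}-word list, 4 words: {entropy_bits(size, 4):5.1f} bits; "
              f"words for 64 bits: {words_needed(size, 64)}")
```

The entropy figure describes the generation process, so it only holds when every word is drawn at random; four words a person picks themselves do not get the same number.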