Comment on Appreciation / shock at workplace IT systems
Dirk@lemmy.ml 8 months agoBig international corporate, IT security hired by personal connections instead of skill, IT security never worked in daily business.
The fun thing is, that they refer to NIST guidelines. Which is even funnier because NIST says 12 digits are enough, user-generated 8 digits are fine, no complexity rules, and password changes only “when necessary” (i.e. security breaches).
lemmyng@lemmy.ca 8 months ago
Or they work in a regulated industry that requires pseudo-airgapped machines for remote users, e.g. the machine actually interacting with the systems needs to be within the controlled boundary but the company has a presence in multiple locations, so the solution is to have a Citrix server that the users remote into. But because the SSP also has access control requirements at every stage that take a long time to get updated to newest industry standards, the user still needs to have passwords rotated, MFA, and all that kaboodle.