After self hosting several services for a few users, with SSO, backups, hardware issues etc, I really appreciate how good the IT was in my old company. Everything was connected, smooth, slick and you could tell it was secure. I had very few issues and when I did, they were quickly solved. Doing this all at scale for thousands of employees spread across the world, it is a wonderful sight to see.
Now at my current company, it’s at the opposite end of the scale where I almost believe that I could do a better job by myself! They’re trying to do everything you would expect but somehow doing it wrong. They are so heavy on security I have a Citrix environment that takes me 3 logins to get to, fails constantly and means I can’t work without internet (like on a long train journey for work purposes recently), and on the other hand they’ve only just turned off admin rights for users so we could’ve installed anything we wanted!!! All our attachments (incoming and outgoing) are saved to a secure website (like OneDrive) and replaced with a link. It doesn’t save the file names on the email so it’s really tricky to find old emails if it’s a document you’re looking for. I could go on but I’m just venting at this point as it’s so frustrating!!!
Thank you to the good IT people out there. Your roles are so important but not appreciated enough!
My favorite is when IT deploys software that replaces all the links in your e-mails with https://example.com/phishing/YiCdMdsY so you can’t tell whether the e-mail is phishing or not, frequently sends you very obvious fake phishing e-mails that interrupt your work by going straight to your priority inbox, and punishes anyone caught clicking on phishing e-mails. Then HR sends out e-mails that have all the indicators of low effort phishing and you’re supposed to click on those.
My experience with my company is the exact opposite. Apparently Bitwarden and Vivaldi are not allowed because they have a lot of vulnerabilities, so people should continue using Edge/Chrome and plain text for storing all their passwords, which they often show on screen share. Had an issue with 2FA cause those assholes decided it’s fun to force the Microsoft proprietary authenticator for everyone so I can’t use Aegis anymore. That issue took a whole fucking month to get resolved cause none of them could comprehend their almighty Microsoft app didn’t work on my GrapheneOS. On an unrelated note, anyone got any openings at your company?
They are so heavy on security I have a Citrix environment that takes me 3 logins
My daily routine:
- Take laptop out of locked shelf
- Start Laptop and enter boot password
- Enter Bitlocker password
- Enter username (not saved) and password
- Open Citrix website and login with different username and password
- Enter MFA token to access said website
- Start server connection
- Enter different username/password (not saved) to access server
- Enter different MFA token for the server login
- Start the business-specific application with 3rd set of not saved and different login data
They also have plans to make MFA mandatory for laptop login, too.
Passwords need to be at least 15 characters long for laptops and 30 for servers and 10 for the business-specific application. All need to have uppercase, lowercase, numbers, and special characters and need to be changed every 60 days (for the server login) and cannot be the last 30 passwords.
And then they wonder that people resort to easily predictable patterns such as !1Qaz@2Wsx#3Edc and simply shift it one position to the right with every forced change and repeat at the end of the keyboard.
Some users have a barcode scanner connected to the system for doing the business stuff. The barcode scanner registers as a HID keyboard …
Yes, they did exactly what you think.
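The password policy described above (15 to 30 characters, all four character classes, rotation every 60 days, 30-password history) is satisfied by the keyboard-walk pattern the poster quotes, and by every "shift one column to the right" successor of it. An added example, not from any of the posters or their employers, of how a password filter can catch that class of password where a complexity rule cannot: it maps each typed character back to its physical key on a QWERTY layout (an assumption; other layouts need their own rows) and measures how much of the password is made of neighbouring keys. The sample passwords and the 0.6 threshold are constructed for the illustration.

```python
"""Flag keyboard-walk passwords that still satisfy a length/character-class policy.

Added illustration for the thread above. The QWERTY layout, the threshold and
the sample passwords are constructed assumptions, not anything taken from the
original posters' environments.
"""

# Physical rows of a US QWERTY keyboard, unshifted.
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]

# Shifted symbols mapped back to the key they live on; letters are handled by lower().
SHIFTED = {"!@#$%^&*()_+": "1234567890-=", "{}": "[]", ':"': ";'", "<>?": ",./"}
UNSHIFT = {}
for symbols, base in SHIFTED.items():
    UNSHIFT.update(zip(symbols, base))

# (row, column) of every unshifted key.
POS = {ch: (r, i) for r, row in enumerate(ROWS) for i, ch in enumerate(row)}


def physical_key(ch):
    """Return the unshifted key that produces ch (e.g. '!' -> '1', 'Q' -> 'q')."""
    ch = ch.lower()
    return UNSHIFT.get(ch, ch)


def adjacent(a, b):
    """True if a and b are the same key or touch on the keyboard.

    Rows are staggered, so a key in one row is treated as touching the keys at
    the same column and one column either side in the rows above and below.
    """
    if a not in POS or b not in POS:
        return False
    (ra, ia), (rb, ib) = POS[a], POS[b]
    if ra == rb:
        return abs(ia - ib) <= 1
    return abs(ra - rb) == 1 and abs(ia - ib) <= 1


def walk_fraction(password):
    """Fraction of consecutive character pairs that are neighbouring keys."""
    keys = [physical_key(c) for c in password]
    if len(keys) < 2:
        return 0.0
    hits = sum(adjacent(a, b) for a, b in zip(keys, keys[1:]))
    return hits / (len(keys) - 1)


def meets_complexity(password, min_len):
    """The kind of rule the poster describes: length plus all four character classes."""
    classes = [str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum()]
    return len(password) >= min_len and all(any(f(c) for c in password) for f in classes)


def is_keyboard_walk(password, threshold=0.6):
    """Reject when most of the password is a walk across neighbouring keys."""
    return walk_fraction(password) >= threshold


if __name__ == "__main__":
    # Constructed samples: the quoted pattern, its shifted successor, and a random-looking one.
    for pw in ["!1Qaz@2Wsx#3Edc", "@2Wsx#3Edc$4Rfv", "Tq7#mL9!vXr2&Pz"]:
        print(pw, "complexity ok:", meets_complexity(pw, 15),
              "walk fraction: %.2f" % walk_fraction(pw),
              "keyboard walk:", is_keyboard_walk(pw))
```

Both the quoted pattern and its shifted successor pass the complexity rule and score about 0.86 on the walk measure, while the random-looking sample of the same length scores 0.0; a history check that only compares exact previous passwords sees the shifted successor as a brand-new password, which is exactly the gap the poster is describing.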
Smart. I’ve seen it on manufacturing lines for operators logging into SAP. They put the barcode on the back of their badge.
That makes the badges NFC tags but without actual NFC …
At least they had the code not in direct sight on their desk.
This is advanced post-it-under-the-keyboard level.
This is very close to my workplace but we have about 17 domains to work across, with a separate account for each. It’s frustrating sometimes, but in the end I get paid the same either way.
Ladies and gentlemen, we have a winner!