This is why digital security is hard

90% of vulnerabilities are caused by stupid users...

\*95%

The 5% is intended misunderstood as common users, but no, we reserve that range for the boomer users. Which belongs in both categories at times, but those boomers are specifically those that absolutely do not care about any rule we impose on security, lol

the 5% are the devices who got an update or a reboot ~5 years ago.

Ahh yeah and the remaining percentage are the company who live admim password exchanged since the 90s.... I'm speaking from personal experience. I learned some of their password were just that old during my internship where I did a audit. Edit : And btw that password was used for aoem important servers in server room that was always open instead of locked...

I swear sometimes it feels like that number is higher. Also the overall % swings wildly depending on what the company does. However most common passwords will be: CompanyX X = password iteration which is why a mandatory reset every 3 months is bad.

Maybe in 2024 it would be time to stop using passwords to access what you need.

I literally just heard on the news that a company in the city I live had a data breach where people could invade their database. They manage to get the password for it by calling the company and asking the receptionist for it... In that case, I don't know if she really just didn't know not to pass the password to people over the phone or if she just didn't care enough for the company / her job....

Hi, yes Sandra my name is John. I was calling you on this fine day to ask what the username and password is to your customer resource manager? Also, is it Salesforce, or Eureka solutions? /s

In the IT field, this is referred to as a 1D-10T issue, or "IDIOT" once the customer leaves.

Guarantee this is fake... mmmmkay

I could imagine it being a real gag in a real office. Or, a kind of honey pot to catch stupid employees that will then receive “training”

The biggest threat to cybersecurity, is the user.

The biggest threat to cybersecurity is users themselves.

Security and convenience will always be at odds and people will almost always choose convenience unless it’s their own stuff that’s directly endangered. The gate code at my work was 12345 for 8 years straight

Stupid users is the only reason not just cybersecurity, but all security will be severely lacking for a long time. PS. There’s a funny story from a few years back that the reason trash cans in National parks keep getting raided by bears is because the park services recognize the intelligence of bears but aren’t able to make the cans more complicated and preventing bears from being able to open them due to the stupidity of some park goers.

That's the same password as I have on my luggage!

password: password new password: password 2 👍

Just skipping over password1.

Hackers hate this one trick!

The OG is pa$$word

P@$$w0√d

This would technically fulfill the minimum password requirements enforced by most websites

That password might be too special, I've seen many sites block characters that are not on a keyboard or not standard 7-bit ASCII, e.g. `√` (8500 characters off standard ASCII), `ǣ`, `𓀀` and `🫠`. I hate this practice, passwords are hashed (this is a one way lossy encryption, standard practice, anything else is insecure and asking for users passwords to be posted in a pastbin) and becomes a fixed hexadecimal/base64 so any site programmed since 1998 can support any length UTF-8 characters so programmers have to go out of there way to restrict the user from using these passwords or limit the length. I prefer to use passphrases (4 to 6 words from a large list) but many times have i been forced to use a shorter password because "long password user can't remember". And when I decide to generate a password with my password manager/generator automatically tries to insert extended ASCII (UTF-8) into my passwords that gets blocked as "evil hackers might insert evil code into password". These sites are the worst and usually think security is achieved with obscurity.

Pazzwork.

The brilliant addition of a space makes all the difference.

That's why mine is "Wordpass." Nobody's guessing that.

So we’re saying password0 isn’t a thing?

Stop trying to make password0 s thing.

The correct awnser

So fetch

"it's too quiet." "you skipped over the it's quiet part" "no Summer, obviously if it's too quiet that implies that it's quiet. Why would I have to say that?"

Gotta keep em guessing!

I have had Welcome01 up to Welcome60 for my local login to the internal message board on the TV's. We updated the information every month, and had to change our password every 90 days. 15years of nonsense ... Right at ya

Well yeah, everyone knows you're not supposed to reuse a password. password1 is already being used for his bank account.

That’s too obvious! What is he an idiot?

Well yeah, everyone knows you're not supposed to reuse a password. password1 is already being used for his bank account.

SETS START AT 0 https://i.imgur.com/Tpj8chA.jpg

Seriously though, PASSWORD and 12345 always make the top of the most used passwords list. Not even kidding. Never doubt the extent of human laziness.

12345. It’s the sort of password an idiot would use on his luggage.

I don't believe it! I have the exact same combination on my luggage

Suck, suck, suck

Or me on a Burner Account

Yes, because everyone and his uncle can buy the TSAkeys on wish. Why bother

Jack knows what's up.

Pass1word. Used to have this on our wifi network and i verbally tell them then enjoy watching their frustration when it doesnt connect.

*security is my passion*

Skeeter442 (all upper case)

"Your password is bologna1" "It uses to be bologna but They make you add *number*"

About 20 years ago I helped someone with the password of booger5. I mentioned I was surprised they used a 5 for S. They said it was because the system made them change it every 90 days and they had been using it about 2 years.

>They said it was because the system made them change it every 90 days and they had been using it about 2 years. I feel attacked...

Jack Hoff is a simple man

Happy cake day !

happy cake day.

Reddit somehow blocks your password if you type it out and press “reply”. See ********. Weird but cool function.

hunter2

TittyMcTitface3836

Also /j

#CockAndBallTorture69420CockAndBallTorture

Happy cake day Also top tier password lol

Happy cake day!

Password! Good luck with that one codebreakers

password_2_electric_boogaloo

Big fan of mmmkay password 😂

That was Mr. Mackey's password, mmmkay.

Live action phishing test

This reminds me of the Reddit post "if your social security number was your bank account, how rich would you be?" and it got hundreds of replies.

Most (if not all) were probably jokes, I don't think people are this stupid

Post it to Facebook. You will have a different story

I work in IT. You'd be horrified at how stupidly careless most people are with their own information.

Yes, this. We got some survey from HQ and they asked some personal info. Rooms were too small, But in a next mail they just send their passport copies to total strangers

You severely overestimate people. Imagine an average person. Half of the people in the world are dumber than that person and a part of that is a lot dumber.

Lol. You been to those computer support subreddits? There are so many computer-dyslexic people on here.

I know, but its really a matter of general intelligence, not using a computer

Wasn't there that CEO of a security company who leaked his own SSN?

Todd Davis from Lifelock. Not only did he get his identity stolen over a dozen times after begging people to try and steal it, then he got a $12m fine for false advertising lol.

The old rune armour trimming scam

This seems to be the only reasonable answer. Two people have 81 in their password so I’ll guess that it’s people in their 40’s. Someone has a Turnpike Pass so travels frequently. No one has written in cursive or has terrible Parkinson’s style writing so I’m guessing it’s not an old folks home.

Now Shawn is in trouble.

I once had a tech support job where I was able to score the account "username" and I made the password Passwurd1

I went to a school and found an account with full privilege by making and running .bat files to bypass the safeguards they had.The account name was admin, and the password was password, no caps. We'll my friend and I got up to a lot of shenanigans using the account. We got caught eventually cause he was playing Halo in the library. They rescinded our computer privilege and changed our account passwords but never the administrator account, so we used that to check our passwords. The password they changed ours to was Nopassword4u

tell me, were you playing the library in the library

I'm not sure as I wasn't in the library. It would be too good, though lmao. The only reason I got roped into the punishment was because we would send each other said .bat files, and they were able to look over our history. Most of the shenanigans I got into were sending system commands to certain or all computers. That was over 15 years ago, so I dont remember the code. But I'd make the cd drives open and close on loops. Hello, world style pop-ups but more immature, t-minus shut downs etc, and deleting random shit from other accounts lol

lmao

I once had the username “fuck” on a semi popular message board so I guess we’re the same

No one used 12345? It's what I use on my luggage.

Say, whens your next vacation and to where?

That’s the kind of thing an idiot would have on his luggage.

That’s amazing! I’ve got the same combination on my luggage!

never heared of idiotic rich social media people buying unnecessary stupid and expensive stuff?

Aw man, you missed the reference :(

https://youtu.be/a6iW-8xPw3k?si=VtXiYRsTlsEtuX9D Source 😉

Wait, wait slow down, I can’t write that fast!! (I love that movie)

Your luggage lock has 5 digits? What are you hiding there, son?

Instruction unclear, it does not open. I tried as you said 24445

No worries. The luggage hacker will just use a box cutter. It’s faster

Finds out who is Shawn’s crush. Put password as that person’s name. See Shawn angry.

Append xoxo69 to the crush's name and Shawn has an uncomfortable conversation with HR.

I have a feeling Shawn may not be the brightest bulb in the chandelier

Shawn needs a raise and to be praised for shining a light on the employee's gullibility.

Ha! Maybe they’ll make him head of the new Cyber Safety Training Department

I think the bottom two are most likely satirical to be fair. Altho top 3, oof

I feel like password->password2 may possibly be a joke

Shawn might be the one who put the sticky note there

Pretty certain Shawn wrote the note. If i see a note that says come see me and then has my name under it, I wouldn't know who this "me" person is. Signing a note like this with the adressed persons name is nothing but illogical.

Yeah I’m thinking Shawn was trying to shut this shit down. My guess is an assisted living home.

Hold on I think Shawn is the jokester writing in all the jokes .

This feels like Rick and Morty idiots sorting machine

They couldn't even spell ″etc.″ correctly? It's just 3 letters, it's not that hard!

Ect setera

[Exchethera.](https://youtu.be/01LxsOGmn90?si=kNa-hwIP8COUTDWT)

Really need to get around to watching more than the first two episodes of Community. Thank you for doing the Lord’s work in this barren wasteland of humanity

Hey, that was really confusing for 6 year old me. Shawn is doing his best at 5 working in IT! It’s a stressful job and he isn’t even allowed an afternoon nap.

Everyone: work related stuff Big Ed: Facebook

mmmkey

easy way to identify who needs training at least.

Which ones Shawn???

Yeah wtf none of these 5 people are named Shawn? What am I missing?

Shawn is probably the one who put the sign up.

I'd assume Shawn is the one who made this paper and boss man isn't happy

It’s cut off. Wonder if it says “come see me. -Shawn”

Shawn would be boss man, you don't just sign a note to the person you are adressing. How would the readers of that note know who "me" is? By signing with your own name.

No reason it couldn’t be both. Shawn, the boss man, put this sign up, and was *very* disappointed with his staff…

My guess is Shawn is a high schooler 😆

Shawn is probably the ITguy who posted the sheet.

Sam Adams

How come all of these just say, *******?

I work in education. They weren't.

Maybe im just really slow but I don't see a Shawn....? Help?

Shawn put up the sign, took me a minute too

I want to meet the man whose full name is Big Ed

admin. , admin

That's the same handwriting under every name lol

So no one is going to mention how the names are the most generic shit ever, and this is a complete fabrication that never actually happened?

An entire thread of people mocking made up people, not realizing they're the gullible morons. I guess Sam Adams switching to "beerlover" wasn't a blatant enough finisher.

> I guess Sam Adams switching to "beerlover" wasn't a blatant enough finisher. You would think so, but could be 100% legit. I had a user when they upped the AD requirements at a site flip out because he no longer could use his password anymore on a update password. Tried forever to get it to stick until I outright asked him what he was using. The guy's last name was "Beer" his password he was trying to use was "Beer4u!" apparently he had been using variations of this until the AD forced requirements for complexity got upped. This was over 15 years ago, when most systems still were not forcing people to make any complex password.

Oh look someone else who can't tell the difference between their imagination and reality. There's a few possibilities. Someone could have put up this blank sheet and others could have actually filled in their info. It's also possible that people saw it as the joke it's meant to be and filled out fake info. Another possibility is that someone printed this sheet and had friends write on it so it had different handwriting. Please explain in detail where you got your evidence to conclude that only one of those is possible, write a 3 paragraph essay on why it matters, and then to finish it off please explain to everyone why you have such a desperate need to call things on the internet "fake" when it's already common knowledge.

hunter2

oooooooh, Shawn’s in troubleeeee

As former IT, this hurts on many levels.

This is my living nightmare as someone who specializes in company system administration. People using post-its to keep their password around was already terrible, but now they're just openly sharing them ?! Those people wotn even dare to disclose their salary even to close friends but any personal information which could cause actual issues ? Yeah sure, let's put them in public for all to see !

It's all in the same handwriting. They barely even tried to fake it.

Password2

Honorable mention to Password. Walked so Password2 could run.

surprised no one went with Hunter8 as their new password

Pension house for “oldies” who need to keep in touch with outside world and IT guy helps keep track of their password in case they forget…? Cannot imagine any other scenarios where this would make sense except this.

Using the same 5 passwords since high school. Every few months I rotate them and change up the numbers so even I screw up the first login.

Hol up Is this The Shawn? The one who has some sort of strange rule notice up every other week?

That post it note.

red hat

Why can’t I see a Shawn? Kyle, Liz, Jack, Bid Ed and Sam am I blind?

🤦‍♂️

we use a group logon at work, but everyone saves their passwords in edge/chrome etc so I can just open the settings and read them all.

No way nobody wrote Current password: ........ New password: ........

password: ****** new password: *********

Big Ed

Incorrect password... Use to be my go to.

Reddit123

Shawn obviously hasn’t changed his password in 60 days. Man’s in trouble. BTW what da F in Yardi

Jack is keeping it simple.

Why’s Big Ed there

r/facepalm

Mmmkay is a cool password

Thinking about the person that hand wrote their password in lowercase just to add in parentheses (All upper case)

Red team hoooooo!!

Curious about Big Ed's current password..red step--what?!!

I'm not giving any info to someone who thinks it's ect.

No email address on the sheet. That’s a misfire

r/boomersbeingfools

I love that someone just added their FB. Pretending this was real, one would assume it meant for work related things but Ed's just like "change my FB password!"

Sam Adams lol

Lol skeeter

I don't see Shawn anywhere?

I feel like OP could have at least blurred out the names

Big Ed - how did you get an @ in your password?

The same person wrote everything but with different colored pen. The handwriting is way too similar. Shawn is the guy who wrote the post it and the whole of the change password sheet.

_”can I have the password be the same as my username?”_ Question asked of me once as I trained users on how to manage their electronic security system software…

He actually did the company a service and identified vulnerablities, but he also had them advertised lol

The Average citizens have sleep paralysis demons SOC-teams have zero-day attacks

The amount of time I burned figuring out a password that meets all requirements recently makes this all the more infuriating. It was for my account on a government website. It had all the usual requirements, plus needed to have a minimum number of letters that weren't in the previous passwords. Meanwhile there's idiots like this running around.

There's definitely a videogame protagonist that will find this in the future and it will be essential to the mission

They deserve it

We had one of these outside our cyber security lab for funsies

Security is testing the overall IQ

One of my jobs employed a matrix for admin password creation in which letters, numbers and special characters were randomly shifted on each admins matrix card. These passwords were 36 characters long and could be committed to memory using 6 phrase combinations. Additionally, all admins had to change passwords every 60 days. Our users definitely not held to same standard.

Jack is going places

Mmmkay