If you’ve ever used the IT network of a large organisation there’s bound to have been an occasion when you’ve had to call the IT help desk to sort out a difficulty. If your account needs to be re-set, you might be given a temporary password to access your account before changing that password to something more individual.
In theory. IT Security Managers know that many users just keep using the default temporary password.
A few weeks ago an IT services manager in an east London support centre heard a help desk technician say, ‘I’ve changed your password to Hackney1. After you’ve logged in again, change it to something less obvious’. The manager told the help desk staff to stop using Hackney1 as the default password and use something less predictable.
The following day, the help desk was saying ‘I’ve changed your password to Hockney1 …’