You must log in or # to comment.
They tried using the password “winter2023!” and got 50 or 60 hits among the employees.
Why did so many employees have this same password? I’m guessing maybe IT used it as a default or something?
When you force users to change password every 90 days, but also don’t use anything like a password filter DLL or more modern solution to block obvious seasonal patterns, folks do this.
Honestly I really struggle with this. I use a password manager and 2FA for everything I possibly can with completely random passwords.
But on my work machine for first logging into the OS, what can you do? I have a handful of randomly generated passwords from high school memorized so I usually rotate a combination of those, but I don’t love that either.



