Funny thing at work, I was handling some legacy users - we need to make sure that on the next login, if they have a weak password, they have to change it.
So the whole day I’m typing “123” as a password, 123 123 123 123 all good. So finally I’m done and now I’m testing it, and accidentally I type 1234 instead of just 123. Doesn’t really matter, either is “weak”, so I just click “Login”.
Then goes Chrome, “1234 is known as a weak password, found in breaches, you should change it”.
So TIL 123 is still good.
Where I work, the infra folks are way overworked. Getting them to do things is impossible given their existing todo list. And when you do get them to do something (by throwing managers at them) they half-ass it.
(I’m not blaming them. I blame the managers. It is frustrating though. Anyway.)
And as a result, there’s one system that I use frequently that they set up, but cut corners and never hooked it up to our single sign-on solution. And so in order to get into this system, everyone has to use a shared username/password. “readonly:readonly”. And every time I log in, my browser nags me about the known weak password.
So, is the account actually read-only?
I’m not sure I’ve ever tried to do any write operations. I’m honestly not even sure the service behind that login page offers any write operations. I might have to check sometime. I’m curious.
No, only the password is.