PSA: The "password" on my company's VPN was literally password123

I was digging through our IT settings last week for a new remote contract and found that the VPN login for guest access had the password set to "password123." I checked our security logs and saw over 300 failed login attempts from different IPs in just 48 hours. This was at a mid-sized law firm in Cleveland with client contracts worth millions. Has anyone else found crazy basic security gaps at work that just made you freeze up?

3 comments

3 Comments

perry.jessica19d ago

Remember reading about how most people pick the same weak passwords over and over, like there's a top ten list that never changes. Password123 is basically on every single one of those lists. The really scary part is that it probably wasn't even intentional negligence, someone just grabbed the first thing that popped into their head and called it a day. That many login attempts in 48 hours shows there's definitely automated scripts constantly scanning for exactly that kind of setup. Law firms handle all sorts of confidential data too, so this one could have ended real bad if a script got lucky.

lucas_johnson20d ago

Used to laugh at stories like this until I found something similar at my own place.

allen.william19d ago

My buddy found his company's server password taped under a keyboard once.