I had lunch with my friend “Jason” from Universal Widgets last week. We hadn’t talked for more than two years and Jason’s first comment was “Did you know I left Universal to go work for Galactic Widgets but I’ve gone back to Universal Widgets?” I was surprised because I had missed out on what my friend was up to for more than two years. But, here we were back at the beginning again. Anyway, we had a good discussion about what each of us were up to but the most interesting part of Jason’s story was his answer to this question: “How was your return to Universal?”
Jason answered that they hadn’t allocated his desk to anyone else so it looked as if a “Jason shrine” had developed while he was gone. “But the worse part of my return was that I was able to logon with my old userid and password!” Where had I heard this before? However, rather than agreeing with me Jason’s comment was: “The worse part was when I started Outlook and I had 25,000 unread messages!”
I guess there can be some things even worse than a security compromise with not being de-provisioned and that’s coming back to two years worth of unread e-mails! I think Jason is still too busy deleting messages to answer his phone…
Technorati Tags: identity management,provisioning,security
1 comment:
I wonder what kind of policies that the organization had that it even did not ask for a password reset. A password staying unexpired for more than two years and it not being audited in the last two years talks about the organizations security policy.
Post a Comment