Yeah, my boss routinely shares logins for things over Slack group channels. 😟
The weakest link in any system is the user, not the security policy (or lack thereof).
I’ve seen this particular policy aggravate users to the point where they would rather export sensitive company data onto their own personal machines than deal with having to reauth once per hour into some Entra ID SSO-backed web app.
Or even users who generate service account credentials that they share around with their team such that nobody uses their own account to log in anymore.
When your policy teeters towards aggravating users, many of them will just find clever ways to circumvent it, which is a losing situation for everyone.
I’m sympathetic, but I’m of the mind that it should just be the duration of the workday. Certainly not an hour like some places.
If this is a login for a work/school account, it’s because someone in your IT department thinks that applying a short “max session length” policy is “extra secure”.
Basically no different than shitty password rules or some places that make you change your password every 90 days.


u wot, comrade?