Scary Password Policy

Doing a training thing for work next week. The training coordinator sent an email to 25 of us about how to access the learning portal. The username is email and password is a single word with an exclamation point. My first instinct was get in ASAP and change the password since so many other people have access to my password.

Only.

There is no link. I click and click and clink. I cannot find it.

Finally, I look at the source code and notice features in it that reveal this portal is running on WordPress. So, I added “wp-admin/profile.php” to the URL and get a 404. I added it to the domain and bingo, I was at my own profile. So, I used the WordPress password feature to generate a strong password and change it.

I wonder how many people have taken training from these people and bothered to change the password?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: