That was in 2014. They’ve since changed it to Louvre1
Louvre40
It has been changed every quarter and not repeated an old password since then!
It does include the fifth password Louvre4, but actually they only can’t re-use the previous 6 passwords so it went through.
IT: We need a full audit, a department of people to run patches and tests, and everyone gets off of Windows immediately.
Director: Well we can’t hire anyone but if you want we’ll let you upgrade everyone’s system to Windows 11. They’ll probably be mad about it, but it’s all we can do right now. Hey it’s got AI now! You like that, right?
Rinse/repeat.
I’m waiting for the headline “Turns out thieves just asked nicely if they could take the art”
distracts French guards by surreptitiously dropping wheel of cheese and pack of cigarettes on floor
“Hey, you using that? No? Well, here, lemme borrow it. I’ll get it right back to ya.”
User name was LouvreMcLouvrevisage.
Everyone knows that the weakest link is the human.
“Hello is this the Quahog moustache society?”
“Yes it is, what’s the secret password?”
“Moustache”
“Alright, come on in”
Poor IT security should have judicial consequences.
Speaking as someone who’s worked contracts in secure facilities, I can say from experience that no one working in a place like this is even mildly surprised. The extent to which ‘learned blindness’ is applied should worry people still assuming that vaunted organizations or even government facilities are protected by strong security policies instead of mostly by the base restriction of non-authorized personnel from work areas.
Not naming names, but if your org doesn’t use the classic Admin & Password defaults, and forces you to renew your terminal passwords on a regular basis, don’t write it down on a Post It and stick it to your fucking monitor where anyone walking past can see. The sheer scale of the incompetence here is galling, in that teenagers have a better sense for passwords than the Louvre security & tech team apparently.
Edit: spaced and omitted part of sentence structure
Not naming names, but if your org doesn’t use the classic Admin & Password defaults, and forces you to renew your terminal passwords on a regular basis, don’t write it down on a Post It and stick it to your fucking monitor where anyone walking past can see.
Got it. I’ll write it down on a Post It, take a photo, and will make that my desktop background instead.
Don’t forget to have that photo automatically backed up to your personal cloud storage!
Post the photo to every social media site available - so everyone knows you are safe and secure!
Yeah you gotta put the post it under your keyboard /s
Damn, not even Louvre@123
I can confidently say this is more common then you would realize.
That’s very 12345 of them.
Mentioned this to my elderly father and he said “I could do better than that.” He’s a master of security compared to that.
