The original post: /r/cybersecurity by /u/peraphon on 2024-11-18 22:53:49.
Hey all,
We use Pentera to do hash cracking of our on-prem AD each week, and I have written a PowerShell script to take the list of users and follow them up every 6 weeks with best practices for creating a passPHRASE rather than a password.
Please note that we never see a user’s password - we only ever see the gauged password “strength” (i.e. GPU effort).
A user has emailed back saying that he would like to decline my request for him to change his password, that he was advised when he changed his password last that it was a good strong password and didn’t require changing, and to desist with constant badgering and harassment about changing his password.
On a previous occasion he threatened union involvement when I asked him to change his password, claiming a “constant invasion of privacy” (LOL!).
I’ve been following this user up since 1 March about crackable passwords - he changed it once but it was still crackable.
So, WWYD with a user who obviously has no regard for infosec or network security?
Thx everyone