Mainly because I know how people were during the cold war and have no doubt in my mind that the thought process was “nobody will ever access this without a reason, so let’s make it super quick and easy or we might be radioactive slag before we finish typing”
One of the things they teach you inside the security is to assume that no matter how much you bang on about secure passwords the client is still going to have Password1234!. So you build around that.
Though people were a lot more blasé about security in general in the cold war. Computers were considered to be quasi magical boxes and it was sort of believed that they wouldn’t act against you.
12345678
You joke, buuuuuuut https://arstechnica.com/tech-policy/2013/12/launch-code-for-us-nukes-was-00000000-for-20-years/
The USAF has denied this, multiple times.
I do not believe them.
Mainly because I know how people were during the cold war and have no doubt in my mind that the thought process was “nobody will ever access this without a reason, so let’s make it super quick and easy or we might be radioactive slag before we finish typing”
The mere fact that it’s believable is a problem.
One of the things they teach you inside the security is to assume that no matter how much you bang on about secure passwords the client is still going to have
Password1234!
. So you build around that.Though people were a lot more blasé about security in general in the cold war. Computers were considered to be quasi magical boxes and it was sort of believed that they wouldn’t act against you.
Seriously though, my country’s government used similarly weak password in the past: https://spectator.sme.sk/c/20002161/security-bureau-hacked.html
The Slovakian (SR) National Security Bureau (NBU) has used the username “nbusr” with password “nbusr123”.
We’re surrounded by assholes