@dumbpasswordrules 😂 less than 10 characters!

That is another way of saying any and every account with Coventry Building Society is vulnerable to hacking within seconds.

PWG do their security.

#coventry #badinfosec #pwg

Instead of using "password" as your password, use "cGFzc3dvcmQ=". Now you've satisfied all of the complexity requirements, and it still means password.

#infosec #badinfosec

Today at work we received an email directing us to complete mandatory annual anti-phishing training. As I pointed out to the director of IT, the email:
* Was unsolicited and unannounced
* Contained an immediate and mandatory call to action
* That link is external to the org and requests auth
* The email was sent from outside the company using a forged "From" header to make it appear that it came from within

In other words, it was literally the exact thing people should be looking out for when dealing with phish attacks. This third-party company running the training is faking it, not making it.
#infosec #badinfosec