By some margin the worst I've seen: The accounting department had admin access for pretty much everything within the company and passwords in plain text in a Google Sheet.
I worry something like that is remarkably common, because accounting often needs access to invoices. You'd be surprised how many services have no permission step between "not admin" and "full admin", the latter having access to invoices, so I'd bet a lot of accounting departments have crazy high privileges to mission critical systems. And often no security training at all.
I promptly held a security all-hands, sorted all those privileges and made sure the whole company had a password manager.
I'd urge anyone here to quickly check the practices where you're working. You might find it's a disaster in the making.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
By some margin the worst I've seen: The accounting department had admin access for pretty much everything within the company and passwords in plain text in a Google Sheet.
I worry something like that is remarkably common, because accounting often needs access to invoices. You'd be surprised how many services have no permission step between "not admin" and "full admin", the latter having access to invoices, so I'd bet a lot of accounting departments have crazy high privileges to mission critical systems. And often no security training at all.
I promptly held a security all-hands, sorted all those privileges and made sure the whole company had a password manager.
I'd urge anyone here to quickly check the practices where you're working. You might find it's a disaster in the making.