We have logs from our various web applications at work.
In one data center the logging analysis software has been upgraded.
I now need to log in with my 14 character, must have different case, numbers, and punctuation password, that i cannot repeat for 20-some generations, and that i must change every few months.
And the log in form is http, not https -- that is, all the text is clear and readable on the internal network.
I wrote the person responsible with a request that they switch to https as soon as possible. The response, it's too much work.
I desperately want to sniff his password and use it to log into his email account and forward the email exchange to the head of security.
Instead, my manager is going after the offender.
This is also posted at http://elainegrey.dreamwidth.org/661316.html .