One chestnut from my history in lottery game development:
While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.
Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
The IT company I work for purchased me, along with some number of my coworkers and our product line from my former employer. Leading up to the cut over, we’re told that on midnight of the change, our company email will stop working. No forwarders or anything. BUT, we will get a new email that consists of [email protected]. When the password on this new account expires, because we can’t change it because we’re no longer employees, we have to go to a website to request a password change. This emails us a link to our new company email address, but we can’t use that link. We have to manually change part of the URL for it to work. I had them manually change my password twice before I gave up on the whole process. Figured I didn’t work for them anymore. What would they do if I stopped using this bogus account/email address, fire me?
Is it actually gibberish? I have never seen a company use anything other than parts of first name last name at company.
I’m sure it meant something to someone, but it was just letters and numbers to me.