alt Hacker NewsI have never worked in a company where an obviously incorrect CEO-demanded security exemption (like this one) would have been allowed to pass. Professionalism, boards (with a mandatory employee member/representative, after some size) and ethics exist.
30 years in about 8 software companies, Northern Europe. Often startups. Between 4 to 600 people. When they grow large the work often turns boring, so it's time to find something smaller again.
Replies
I used to work devops for a startup. The _only_ person who was exempted from 2-factor auth was the CEO. It's the perfect storm: a tech illiterate person with access to everything and the authority to exclude himself from anything he finds inconvenient.
>I have never worked in a company where an obviously incorrect CEO-demanded security exemption (like this one) would have been allowed to pass
You don't have worked in enough companies then.
Just for the sake of argument, you think anybody would have denied Jobs or Bezos or Musk one?
CTO at a successfull cybersecurity startup I worked at long ago was exempt from critical security updates. She refused to restart her computer out of fear for her Excel state.
The phrase ‘Don’t you know who I am?’ Will be taken differently depending on corporate culture.
Ah, Northern Europe is probably the difference. This passes all the time in the US. It's probably more common in non-tech companies, as well.