Not really. It was well known that passwords were being cracked, and the guy in question was even warned already that his password had been cracked the week before.
Wait, how is it a common / weak password if it has some oddly sexual phrase regarding a specific person? Sounds like its literally just brute-forcing, in which case you're just going to hit random user's passwords.
A string of dictionary words and a very common name. And yeah, JohnTheRipper was a brute forcing dictionary attack that was very common. If anyone had access to the password file they could run the same cracker. The idea was to crack the passwords before an advisary could using the same tools.
Next time you can push for explicit password quality requirements and something like 2FA instead of violating people's privacy and weakening their security at the same time. (Can you imagine anyone reused personal passwords?) This eagerness to apply fun tools in the workplace is in large part what built the heinous surveillance apparatus that's probably going to kill a lot of people as soon as a sufficiently strong-willed fascist takes control again. Richard Stallman has called this "Stalin's dream", but ironically he was also recently Cancelled for ridiculous allegations of sexual misconduct and wrong-think, so perhaps this allusion is not sufficiently powerful for this audience anymore. A shame if so.
The questionable behavior in this case is getting a guy fired for selecting a politically-incorrect secret passphrase. This is merely one step removed from reading his brain and figuring out he fantasizes about spanking coworkers while having sex with them. (I've done this, and yet we are good friends!)
We don't know all the details, maybe that guy actually harassed people, but scrutinizing someone's private thoughts without prior suspicion for offensive-but-noncriminal behavior that can be pivoted into larger accusations is how police states work.
In the best case, this encourages people to filter their private thoughts and actions by the standards of what is acceptable to advertise publicly, which is incredibly unhealthy and oppressive.
> The questionable behavior in this case is getting a guy fired for selecting a politically-incorrect secret passphrase.
I think you're being disingenuous. The guy got fired for sexual harassment. The password merely tipped people off as to what was going on. Don't use a weasel word like "politically incorrect" to re-frame the discussion in a way that's both incorrect and more favorable to an emotional reaction in your favor.
It's stated that he was fired for "being creepy", which is a highly underspecified complaint that can be used against someone you find disagreeable for any reason, only some of which warrant termination-of-livelihood. I was being charitable assuming that the real accusation involved actually harassing someone.
Like what? I have an ex-girlfriend whom I dumped when she (among other things) called my family and lied about me getting into a horrible accident because we were arguing about her [several hard street drugs] addiction. I cared about her enough to stick around until after the drug problems started. She tells people I'm a "creep" when she explains why we didn't work out, because we had been together for a while and I seemed like a decent guy. I literally moved to a different state because she'd show up at my home and work frenzied, and I knew a restraining order would land her in jail (and cause her to lose her surprisingly good job, which I was sure was the last remaining foothold of stability in her life; at this point I was literally worried about indirectly killing her by protecting myself). She still doesn't know where I live, some of my throwaway accounts have the phrase "FUCK [her name]" in their password, and (old, because I can't share contact anymore) mutual friends have told me she tells everyone that I developed hardcore schizophrenia and generally behaved like Satan. The shorthand for this is "creep".