Dear Users... (A thread for Sysadmin, Technical Support, and Help Desk people)

Status
Not open for further replies.
The more complicated and "random" the password mandated, and the more often changes are mandated, the more likely it will end up on a Post-It note affixed to the monitor.

It is silly to ask people to create new long random strings of characters every 3 months and then tell them to not write them down but to just memorize them. And that they should create a different long...etc. for every account they employ. That is beyond most people's ability to keep track.

I use the Apple keychain and keychains (especially the ones that generate different site-specific high complexity passwords when asked) appear to be a good compromise (one that is, of course, targeted by hackers too).
The truly galling thing is that before I commenced this position, the organisation had just completed a process of migrating a smartcard-based login to a password-based one. That was a step backward in my opinion, but IT security policy appears to be set by people who don't understand IT security.
 
The truly galling thing is that before I commenced this position, the organisation had just completed a process of migrating a smartcard-based login to a password-based one. That was a step backward in my opinion, but IT security policy appears to be set by people who don't understand IT security.
It is usually set by people who have done a six-month bridging course in "IT Management" as part of their Masters in Business. They are hardly up to today's technologies but are willing to push forward with yesterday's. They know enough to be dangerous, but not enough to realise it.
 
The truly galling thing is that before I commenced this position, the organisation had just completed a process of migrating a smartcard-based login to a password-based one. That was a step backward in my opinion, but IT security policy appears to be set by people who don't understand IT security.
Where I used to work, we had the option of doing a "smart card" login with our badges. Which required entering a 12-digit code instead of the usual 8-character password. Gee, I wonder why nobody used it?
 
The more complicated and "random" the password mandated, and the more often changes are mandated, the more likely it will end up on a Post-It note affixed to the monitor.

It is silly to ask people to create new long random strings of characters every 3 months and then tell them to not write them down but to just memorize them. And that they should create a different long...etc. for every account they employ. That is beyond most people's ability to keep track.

That's why I use descriptive sentences of what I'm doing (such as "thisisthepasswordiuseforloggingintothatskepticswebsite" - not my actual password here of course, just an example) which is trivial to remember but a lot of times I can't do that because of those rules of "use a capital letter" and "use a number" and "use a symbol" etc.
 
That's why I use descriptive sentences of what I'm doing (such as "thisisthepasswordiuseforloggingintothatskepticswebsite" - not my actual password here of course, just an example) which is trivial to remember but a lot of times I can't do that because of those rules of "use a capital letter" and "use a number" and "use a symbol" etc.

I've used a few different rules over the years, but what always makes me laugh is those scenes in movies where someone guesses a password just by looking around somebody's office. I've never had a guessable password, even by someone who knew me well. Are there really people who do?
 
I've used a few different rules over the years, but what always makes me laugh is those scenes in movies where someone guesses a password just by looking around somebody's office. I've never had a guessable password, even by someone who knew me well. Are there really people who do?

I used to do that, but I always had a collection of small toy collectibles on my desk, between 15 & 20, and I'd use a combination of two or three with some special characters thrown in between. Not 100% but good enough for the three goes before lockout.
 
I just had this conversation.

The first time you use this password, it will prompt you to change it. When you pick your new password, it must be at least ten characters long, must contain upper and lower case letters and at least one number or symbol.

Okay. So... how many letters again?

At least ten characters.

And it has to be upper case?

Upper and lower case letters, and at least one number or symbol.

So... was that eight characters?

At least ten. Ten or more.

And it has to contain a symbol?

At least one number or symbol.

One Number and one symbol?

At least one number or symbol.

Ten characters. Exactly ten?

At least ten. Ten or more.

And it has to contain a symbol.

At least one number or symbol.

It's not working.

It kind of amazes me that some people need handholding for a password change. I will admit that my last change took me several attempts (kept getting "passwords don't match", which obviously means I typed something different than I thought I did in at least one of the new password fields), but I just kept trying until I got it right.

There was also one occasion when I had to ask for a reset because I had changed the password to something different than I thought I had, so I managed to make the same mistake on both new password fields, and I was not able to figure out what I had set before I locked it out.
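The rule set recited in the help-desk exchange above (at least ten characters, upper and lower case letters, and at least one number or symbol), implemented as a checker that reports which rules a candidate fails instead of a bare "it's not working". This is an added example written for this page, not code from any poster; the policy is taken from the exchange, the "passwords don't match" step from the post above, and the long lowercase passphrase from the earlier post is used only as a constructed sample input.

```python
import string

# Policy as described in the exchange above (constructed from the thread's
# wording; the organisation's real rule engine is not shown on the page).
MIN_LENGTH = 10


def check_policy(password: str) -> list[str]:
    """Return the list of policy rules the candidate password fails.

    An empty list means the password satisfies every rule. Each entry is
    phrased the way the help desk phrased the rule, so the list can be shown
    to the user verbatim.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"at least {MIN_LENGTH} characters (got {len(password)})")
    if not any(c.isupper() for c in password):
        failures.append("at least one upper-case letter")
    if not any(c.islower() for c in password):
        failures.append("at least one lower-case letter")
    # "At least one number or symbol": a single digit OR a single punctuation
    # character is enough; the rule does not demand both.
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    if not (has_digit or has_symbol):
        failures.append("at least one number or symbol")
    return failures


def explain(password: str) -> str:
    """One-line verdict suitable for a change-password dialog."""
    failures = check_policy(password)
    if not failures:
        return "accepted"
    return "rejected: " + "; ".join(failures)


def confirm_change(new_password: str, confirmation: str) -> str:
    """Mimic the two-field dialog: the fields must match before the policy
    is evaluated at all, which is the "passwords don't match" case from the
    post above."""
    if new_password != confirmation:
        return "passwords don't match"
    return explain(new_password)


if __name__ == "__main__":
    # Constructed sample: the long lowercase passphrase from the earlier post.
    # It is far longer than ten characters yet fails two of the four rules,
    # which is exactly the conflict that post complains about.
    passphrase = "thisisthepasswordiuseforloggingintothatskepticswebsite"
    print(explain(passphrase))
    print(confirm_change("Abcdefghi1", "Abcdefghi2"))
    print(confirm_change("Abcdefghi1", "Abcdefghi1"))
```

Reporting every failed rule at once, rather than the first one, is what removes the back-and-forth in the exchange: the user sees "at least one upper-case letter; at least one number or symbol" in a single message instead of guessing which of the four rules tripped.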
 
It kind of amazes me that some people need handholding for a password change.
Right - this is very very basic enterprise computer usage. It should be the first thing every user learns in their first office job as it is applicable to every environment.
 
Another thing you can try if you're daring enough is to fire up a good VPN, launch Tor, and search for your password. You'll see if anyone's posted it clear on the dark web.
 
Heh heh heh. Because of the change of government, the name of the Department has changed and we're updating everybody's email address over the weekend.

I just recorded an IVR message reminding people to reboot their computers before calling us.
 
Heh heh heh. Because of the change of government, the name of the Department has changed and we're updating everybody's email address over the weekend.

I just recorded an IVR message reminding people to reboot their computers before calling us.

Typical government! Can't find any real work to do? Change all the letterhead.
 
The more complicated and "random" the password mandated, and the more often changes are mandated, the more likely it will end up on a Post-It note affixed to the monitor.
Several of my clients have desk checks for that reason; the third time InfoSec can find your password, you need a new job.
 
I've used a few different rules over the years, but what always makes me laugh is those scenes in movies where someone guesses a password just by looking around somebody's office. I've never had a guessable password, even by someone who knew me well. Are there really people who do?
I remember an early morning ramble around a client's open plan space. Eleven passwords for their systems and more for personal stuff.
 