Computers are the devil
-
“The Windows password is shorter than required, is too long, occurs too recently in change history, doesn’t contain enough special characters, or did not meet some other password requirement.”
In other words, I found my new least favourite error message! Thankfully technical support answered immediately because my computer wouldn’t let me change the password, log in with the old password, or log in with the new one.
This is why I didn’t go into computer science.
-
- Not compiling Arch Linux every morning
-
@cb this is why everyone has a password manager or keeps a list somewhere...
X place requires a special character
Y place requires a number
Z place does not allow capitalization or special characters
Etc
Etc
I have 5 variations of the same password because of stupid rules like this
-
@cb Just adopt a naming scheme that changes enough to meet the requirements but follows a common theme/pattern so you always remember it
Fallpassword2021! for example. I mean, what could possibly be on your work PC that is that sensitive?
-
@mastermario @CarsOfFortLangley Not allowed password managers at work, I did a variation on my usual password but the computer decided no today.
-
@cb WhyamIinSaskatchewan2021!?
-
@cb
This is how password requirements are reducing our information security. Do this a couple or three times for different systems, and your only choice is to write passwords down on a sticky that's easily accessible, or have your computer remember and autofill.
-
@chariotoflove Yep. Two factor, and then password strength becomes much less important. Use a secure password manager so that you can easily use different passwords for different accounts.
Complex password requirements just mean users write stuff down on a notepad or in a plaintext file.
And of course a "new password doesn't follow the rules" error dialog is pretty useless if it can't tell you what the rules are.
-
@cb $ammylikes5.0LMustang$
-
@highlander looks like an OG Xbox gamertag
-
@cb stupid program at work i need for the high voltage test (as in run a fuck load of current through the machine and see if anything shorts) times out after 30 minutes inactivity..... requiring a restart..another log in as supervisor to do a dummy test so the program is happy it works and then a log in as final assembly so i can actually get back to doing the stupid pointless test and keep the office happy.....im logging in many times a day
(i kinda figure if the machine was going to short out and electrocute any who happen to be touching it i'd notice it when the guy testing if the machine actually works as intended gets lectrocuted..... why yes,..the high voltage test is the final test before packaging and shipping.... not one we do before plugging the thing in to see if at all works....what can i say... management makes the rules)
-
@cb Can you do a spreadsheet? You'd have to manually update it, but that's what I do.
-
@ibrad said in Computers are the devil:
There's an XKCD for that
My prior employer used this method - as in, no special rules except 14 character minimum, change every 365 days. So mine cycled through year/make/model/color of a car I own. I have 4 currently, plus a boat, and chances are one will be different 4-5 years from now, so bam.
-
@functionoverfashion I’ve gone to 15 character minimum since most password cracking software only goes to 14. And MFA for the office and important personal accounts.
-
@skyfire77 said in Computers are the devil:
@cb Can you do a spreadsheet? You'd have to manually update it, but that's what I do.
I don’t know if you recognize the issue here, but I have no problems memorizing my password, it was having my new one break my computer that was the problem.
-
@forsweden It's part of a complete breakfast.
-
@carsoffortlangley Our security wouldn't allow that password, both for a season and for the word 'password'.
Likely, your computer password is also the password for your mailserver. A number of years ago, both Target and Home Depot had customers' credit card information stolen because of an insecure link between a smartphone and the company mailserver.
What could the password possibly protect? Well...depending on internal network security, it could allow access to thousands of employees' payroll information, thousands of vendors' information, untold numbers of customers' payment information.
(I get this question a lot from salesmen who are pretty sure we're being stupid with our security.)
-
@cb I was referring to a manager not being allowed.
-
@roundbadge Password strength wouldn't change it but we had a spear phishing attack where they collected login credentials and then right before payday changed the direct deposit info of anyone they fooled who hadn't been on top of things enough to reset their password.
-
@cb fun fact: Microsoft just got rid of passwords.
And they've been recommending Azure admins to get rid of password change policies.
-
@tonicipriani I think that's NIST's recommendation as well. And pretty much every academic security researcher.
-
@skyfire77 said in Computers are the devil:
@cb I was referring to a manager not being allowed.
Ah. Yeah, that’d probably be fine.
-
@cb wait, what!? No password managers!? What in the actual fuck. Password managers are the best way to handle passwords, and any IT worth their salt embraced them years ago. Hell we have a corporate 1password account that everyone uses.
I actually got yelled at the other day because one of my user credentials was too weak and our Info Sec team cracked it. Granted I haven't used that user for anything in years but it was still in our LDAP system.