Dalek Dave wrote: I want you to know we are not talking low-level office fodder here, some of those complaining were senior managers high-level office fodder. FTFY
The United States invariably does the right thing, after having exhausted every other alternative. -Winston Churchill
America is the only country that went from barbarism to decadence without civilization in between. -Oscar Wilde
Wow, even the French showed a little more spine than that before they got their sh*t pushed in. -Colin Mullikin
|
Pete O'Hanlon wrote: choose abc123 as their password
Will you please NOT publish my password on the interweb
Pete O'Hanlon wrote: use large chunks of previous passwords
I have a counter in my password, it is up to 68
Never underestimate the power of human stupidity
RAH
|
Also, not all passwords are related to brute-force hacking. For those obtained via social engineering there is no brute-force attempt => no reason to lock a user out.
Forcing the user to change their password at specified intervals would prevent a password obtained in this way from always working, of course assuming the hacker is stupid enough not to change it (EDIT: or grant himself a permanent way into the system), or the user is stupid enough to provide their new password again.
Full-fledged Java/.NET lover, full-fledged PHP hater.
Full-fledged Google/Microsoft lover, full-fledged Apple hater.
Full-fledged Skype lover, full-fledged YM hater.
|
I have yet to meet a single developer who would voluntarily implement a security policy, ANY security policy. Generally it is an Enterprise or Client requirement and the developer will be sacked if it is not implemented or exposure to the internet forces a defensive implementation.
Never underestimate the power of human stupidity
RAH
|
That also begs the question: if this carried any merit, why doesn't my bank ask me to change my PIN code every 3 months, or my internet login password?
I mean, what the boss says should go, but if an employee is stupid enough to share his password with co-workers he is most likely in violation of his conditions of employment.
Chona1171
Web Developer (C#), Silverlight
|
The weakest link in ANY or ALL security protocols is the human being sitting at a keyboard.
Famous Frankie Boyle sketch in which he explains about security.
A laptop had been left on a train; the MOD explained there were passwords in place.
Boyle pointed out that this was rubbish as these guys were IT Nerds...
"All you need to do is turn it on, type 'Gandalf' and you're in!"
I choked on my cornflakes, for my password at work is..."Gandalf".
---------------------------------
I will never again mention that I was the poster of the One Millionth Lounge Post, nor that it was complete drivel. Dalek Dave
CCC Link
|
Wow. . . .
Yes, it would be great to see stats of certain movie characters being used by IT geeks.
Mine, on the other hand, is a combination of a Windows 95 prod key first sequence - 2 special characters - Windows XP prod key first sequence - 2 special characters and 5 characters of pi and the initials of the website that I have accessed in capitals (Code Project - CP, Facebook - FB), leaving me with a 21-character alphanumeric, special character and capital sequence.
Chona1171
Web Developer (C#), Silverlight
|
The main reason I can see for doing this is to prevent old employees from hacking into the system.
(Yes, when an employee leaves you delete their account, but they may have access to resources using passwords that may not be directly connected to their own Windows identity - for example someone else's password!)
In the case of a bank PIN, it's different, as you never go away (you can't leave the company).
|
Yes, but take this for instance: a guy goes away for 2 years, he tries to log in, gets the change-your-password screen and Bob's your uncle, he has the new password.
Funny thing is, 4 years after leaving my old company I still have all their remote server IP logins and passwords with full admin access, and my fingerprint still opens the front door of their office.
Good thing I am not a psycho out to steal their intellectual property, but I shudder to think what could happen.
Chona1171
Web Developer (C#), Silverlight
|
Chona1171 wrote: Tech support constantly gets (I forgot my password or got locked out) calls
This should not be necessary.
It is possible to set up systems where the users can reset their own passwords with saved security questions etc.
I worked for a large corporation where we had this - it was set up precisely to save IT from having to reset passwords.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
Yes, some companies implement it, though it in itself poses a security risk.
"What is the name of your dog"
"your birthday"
"your mom's maiden name"
"first child's name"
All things that could be struck up in casual conversation, for example.
It is a good idea, but so far I haven't had a single answer giving any merit to that policy.
Yes, what if someone gets your password - chances are he won't wait around for password expiry to kick in before he / she does the damage.
Chona1171
Web Developer (C#), Silverlight
|
I agree, for the most part it is kind of overkill. For example, our version control is password protected, but you could just walk in (door's not locked most of the time), take a hard drive from a computer, pop it in another computer and get access to almost current code as everyone has the code checked out anyways. (Though, this stops you from committing as someone else, which is probably a good thing.)
But besides access to proprietary code, having access to my account won't give you anything of real value...worst you could do is send some emails as me, or submit a bug to the bug tracker (so dangerous!). So I really don't see a point in having that much security on my account.
What makes this more annoying is just trying to think of a password that is complex enough to meet requirements, while still being able to remember it, so I don't lock myself out of my account from too many wrong passwords. 
|
"Required to finish on board and spare King cognitive dissonance." (11)
Can I get 3 for 3?
Perhaps not, I feel this one may be solved.
---------------------------------
I will never again mention that I was the poster of the One Millionth Lounge Post, nor that it was complete drivel. Dalek Dave
CCC Link
|
wisenheimer? I could get only the R, so might not be guessing quite correctly.
|
There is no R
---------------------------------
I will never again mention that I was the poster of the One Millionth Lounge Post, nor that it was complete drivel. Dalek Dave
CCC Link
|
R or K - added or removed... But I cannot spend much time with such a little hint today. And you are early today, that took almost half an hour...
|
ststustuter
Panic, Chaos, Destruction. My work here is done.
Drink. Get drunk. Fall over - P O'H
OK, I will win to day or my name isn't Ethel Crudacre! - DD Ethel Crudacre
I cannot live by bread alone. Bacon and ketchup are needed as well. - Trollslayer
Have a bit more patience with newbies. Of course some of them act dumb - they're often *students*, for heaven's sake - Terry Pratchett
|
I really thought this one would be solved quite quickly.
It seems I may be going three for three after all.
---------------------------------
I will never again mention that I was the poster of the One Millionth Lounge Post, nor that it was complete drivel. Dalek Dave
CCC Link
|
Doublethink.
Required to finish on (darts) board = double
spare = thin
King = k
Doublethink is a case of cognitive dissonance.
Andy B
|
We have a winner!
Well done.
I was thinking it was going to be mine again.
---------------------------------
I will never again mention that I was the poster of the One Millionth Lounge Post, nor that it was complete drivel. Dalek Dave
CCC Link
|
Ok, ok, I know that's not how real pirates speak (most of 'em seem to talk Somali these days), but it's that day again!
http://www.talklikeapirate.com/
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
|
Torrents, megaupload, rapidshare...
Am I getting it right?
I wanna be a eunuchs developer! Pass me a bread knife!
|
That's the one, me hearties!
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
|
Tarrrrents, megarrrload, arrrpidshare
|
I stand carrrected!
I wanna be a eunuchs developer! Pass me a bread knife!