[Cialug] Password Resets
Justin Richeson
neomatrixjr at gmail.com
Tue Jun 29 19:37:27 UTC 2021
I'm not saying that's what we do for a password policy...that's what the
Devil SysAdmin on my shoulder wants to implement.
On Tue, Jun 29, 2021 at 11:06 AM Brett Neese <brneese at brneese.com> wrote:
> Yeah, that's what I use everywhere else, I just have a hard time typing
> anything I can't see.
>
> It's not a matter of what the words are as it is a matter of the length
> that is needed to generate sufficient entropy, and the shitty keyboard on
> that particular machine that always causes my fingers to slip at some
> point. A lot of this would be solved by my admin enabling the feature on
> Windows where you can press a little button to see the password briefly,
> but alas, someone might break into my apartment and peer over my shoulder
> at the exact moment I press said button to reveal my password.
>
> Brett Neese
> 563-210-3459
>
>
>
> On Tue, Jun 29, 2021 at 10:48 AM Dave Hala <dave at 58ghz.net> wrote:
>
> > Sounds like some type of biometric authentication might be a better
> option
> > for you.
> >
> >
> >
> >
> >
> >
> > On Tue, Jun 29, 2021 at 10:41 AM Brett Neese <brneese at brneese.com>
> wrote:
> >
> > > My password is the standard "a bunch of random words strung together
> > with a
> > > delimiter," but the keyboard on my work laptop (which I hardly ever
> use)
> > is
> > > terrible, so I've been known to enter it incorrectly far more than 6
> > times
> > > in a row. I would definitely be fired from Justin's company.
> > >
> > > Brett Neese
> > > 563-210-3459
> > >
> > >
> > >
> > > On Mon, Jun 28, 2021 at 4:46 PM jim kraai <jimgkraai at gmail.com> wrote:
> > >
> > > > https://media.giphy.com/media/NFl9JyJQANdGE/giphy.gif
> > > >
> > > > On Sun, Jun 27, 2021 at 11:21 PM Justin Richeson <
> > neomatrixjr at gmail.com>
> > > > wrote:
> > > >
> > > > > Do not give the user a password...for giving the user a password
> > gives
> > > > them
> > > > > the opportunity to f__k it up 6 times and lock out again. Instead,
> > > > invest
> > > > > your many hours of password resets into creating a secure password
> > > reset
> > > > > system...and teach users to fix their own f__k-ups.
> > > > > Then, convince your company to fire anyone that resets their
> > passwords
> > > > more
> > > > > than twice in any given day more than 3 times...'cause that person
> > > ain't
> > > > > smart enough for office work.
> > > > >
> > > > > On Fri, Jun 25, 2021 at 8:41 AM kristau <kristau at protonmail.com>
> > > wrote:
> > > > >
> > > > > > I feel for you, sir!
> > > > > >
> > > > > > I especially enjoyed the "tried every different combination"
> part.
> > > > Phil,
> > > > > > every different combination of that exact string is a set of 1. I
> > > just
> > > > > > about sprayed coffee over my keyboard.
> > > > > >
> > > > > > Thanks!
> > > > > > kristau
> > > > > >
> > > > > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > > > > >
> > > > > > On Thursday, June 24th, 2021 at 9:43 AM, Todd Walton <
> > > > tdwalton at gmail.com
> > > > > >
> > > > > > wrote:
> > > > > >
> > > > > > > No matter how hard a person tries, he or she is never going to
> > > escape
> > > > > > >
> > > > > > > users... they're always there... lurking around the next
> > corner...
> > > > > ready
> > > > > > >
> > > > > > > to launch upon the unsuspecting IT person such offenses as "the
> > > > > password
> > > > > > >
> > > > > > > reset". Let's call my attacker Phil.
> > > > > > >
> > > > > > > An IM transcript:
> > > > > > >
> > > > > > > 14:46 Phil: That password "password" is not working
> > > > > > >
> > > > > > > 14:47 Phil: Wait. It worked!
> > > > > > >
> > > > > > > 14:49 Phil: tried every differnet combination and no luck
> > > > > > >
> > > > > > > 14:51 Me: Every different combination of what?
> > > > > > >
> > > > > > > 14:51 Me: Your password worked? Or didn't work?
> > > > > > >
> > > > > > > 14:52 Phil: password
> > > > > > >
> > > > > > > Phil, that isn't even English syntax. You gotta help me out,
> > > buddy. I
> > > > > > >
> > > > > > > literally set your password to "password" and told you that's
> > what
> > > it
> > > > > > was.
> > > > > > >
> > > > > > > All you gotta do is type "password". You could even cut and
> paste
> > > the
> > > > > > >
> > > > > > > actual word into the password field.
> > > > > > >
> > > > > > > I like the customer support aspect of my job. I like creating
> > > > satisfied
> > > > > > >
> > > > > > > customers. I know it's a little dorky, but I cheered when Tron
> > said
> > > > "I
> > > > > > >
> > > > > > > fight for the user!" But people like Phil really test the
> > limits. I
> > > > > spent
> > > > > > >
> > > > > > > an hour on this password reset. I'm not help desk. Resetting
> > > > passwords
> > > > > > >
> > > > > > > isn't my primary reason for being employed. Oy, the literal
> > > headache.
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> > > > > > >
> > > > > > > Todd
> > > > > > >
> > > > > > > Cialug mailing list
> > > > > > >
> > > > > > > Cialug at cialug.org
> > > > > > >
> > > > > > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > > > > > _______________________________________________
> > > > > > Cialug mailing list
> > > > > > Cialug at cialug.org
> > > > > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > > > > >
> > > > > _______________________________________________
> > > > > Cialug mailing list
> > > > > Cialug at cialug.org
> > > > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > > > >
> > > > _______________________________________________
> > > > Cialug mailing list
> > > > Cialug at cialug.org
> > > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > > >
> > > _______________________________________________
> > > Cialug mailing list
> > > Cialug at cialug.org
> > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > >
> >
> >
> > --
> > NIFCAP -The Premier Client Intake System for Non-Profit Organizations.
> > https://www.osis.us
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> >
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
>
More information about the Cialug
mailing list