Dear Users... (A thread for Sysadmin, Technical Support, and Help Desk people) - Page 8

Norman Alexander · 29th October 2018, 08:56 PM

When someone makes something idiot-proof, someone else invents a dumber idiot.

arthwollipot · 31st October 2018, 06:10 PM

Them: Hi, I started in the department today, and I'm trying to log on.

Me: Okay.

Them: ...

Them: ...

Them: ...

Me: Okay?

Them: ...

Them: ...

Them: ...

Me: Um, what are you asking me?

Dancing David · 1st November 2018, 11:10 AM

Originally Posted by arthwollipot

Them: Hi, I started in the department today, and I'm trying to log on.

Me: Okay.

Them: ...

Them: ...

Them: ...

Me: Okay?

Them: ...

Them: ...

Them: ...

Me: Um, what are you asking me?

Norman Alexander · 1st November 2018, 12:04 PM

Originally Posted by arthwollipot

Them: Hi, I started in the department today, and I'm trying to log on.

Me: Okay.

Them: ...

Them: ...

Them: ...

Me: Okay?

Them: ...

Them: ...

Them: ...

Me: Um, what are you asking me?

Ask if he knows how a phone works. And tell him you are not the voices in his head, so he doesn't have to tell you what he is doing right now.

Mongrel · 2nd November 2018, 02:51 PM

Originally Posted by paulhutch

Speaking with my consumer electronics design engineer hat on. Assuming "large number" means more than 0.5% then almost certainly that is either do to poor design of the phone hang up switch system or faulty hangup switches. I've thrown away or returned for credit many of phones over the last 40 years for those two reasons.

Our phones at the office had a handset that was slippy and thin, it could be hard to hold it firmly and not get your fingers in the way when trying to hang up.

arthwollipot · 4th November 2018, 03:50 PM

And it still surprises me that many staff do not know the process for requesting a password reset. And despite monthly email reminders, do not register for password self-service.

theprestige · 5th November 2018, 09:56 AM

Originally Posted by arthwollipot

And it still surprises me that many staff do not know the process for requesting a password reset. And despite monthly email reminders, do not register for password self-service.

About a year ago we started rejecting all password requests, giving the link to the self service tool as the rejection reason.

JoeMorgue · 5th November 2018, 10:03 AM

I think the simple fact that we as an industry are using passwords far, far, far beyond the point of diminishing returns on the "Security versus practicality" chart is sort of an open secret in the business right now.

Any password complex enough to be secure enough, a user is either going to constantly forget or they are going to write it down.

theprestige · 5th November 2018, 10:06 AM

Originally Posted by JoeMorgue

I think the simple fact that we as an industry are using passwords far, far, far beyond the point of diminishing returns on the "Security versus practicality" chart is sort of an open secret in the business right now.

Any password complex enough to be secure enough, a user is either going to constantly forget or they are going to write it down.

CorrectHorseBatteryStaple

Wudang · 5th November 2018, 10:09 AM

At <bigbank> they introduced a self-servicing ticket tool that you had to drill down through and the password option pointed you at the self service tool. Similarly the phone number for tickets would nag you to use the selfservice tool once you did the "press 2 for..." maze.

The biggest problem with that whole system was it was always set up to maximise the IT teams' KPIs rather than help the customer. So say you had 3 new joiners all needing email. You couldn't raise one ticket that could be split into 3 tasks. It had to be 3 tickets with no "copy details from". This wonderful book linky ( which I thoroughly recommend and have bought extra copies to give away) refers to it as "displaced complexity". You make your task easier by shoving the complexity elsewhere.

RecoveringYuppy · 5th November 2018, 11:40 AM

Originally Posted by theprestige

CorrectHorseBatteryStaple

You realize you remembered that incorrectly?

xterra · 5th November 2018, 11:51 AM

LastPass or KeePass o a similar password manager.

My personal database has 478 entries, almost none duplicates.

Problem solved.

JoeMorgue · 5th November 2018, 11:54 AM

Originally Posted by xterra

LastPass or KeePass o a similar password manager.

My personal database has 478 entries, almost none duplicates.

Problem solved.

That's great if you literally never have to log into a new device ever.

Elagabalus · 5th November 2018, 12:23 PM

Originally Posted by JoeMorgue

That's great if you literally never have to log into a new device ever.

I don't know. On my home network I have perfect password printed out on a crinkly old piece of printer paper which already had something printed on it. It's the last page on my printers stack*. When friends come over and want to use my Network I give them the piece of paper and tell them not to make any mistakes. Hilarity ensues.

*so now you know!

theprestige · 5th November 2018, 12:51 PM

Originally Posted by RecoveringYuppy

You realize you remembered that incorrectly?

Nope. I used camelCase in this thread to make it more legible to the unitiated. Capitalization doesn't actually change the underlying principle in the slightest.

Relevant xkcd: https://xkcd.com/936/

ETA: The point is that a string of four arbitrary words is both easier for a human to remember and harder for a computer to guess through brute force, than a password that conforms to a set of "difficulty" requirements like one cap, one special char, etc.

Elagabalus · 5th November 2018, 01:08 PM

Originally Posted by theprestige

Nope. I used camelCase in this thread to make it more legible to the unitiated. Capitalization doesn't actually change the underlying principle in the slightest.

Relevant xkcd: https://xkcd.com/936/

ETA: The point is that a string of four arbitrary words is both easier for a human to remember and harder for a computer to guess through brute force, than a password that conforms to a set of "difficulty" requirements like one cap, one special char, etc.

You could also write out the first letter of every word on a piece of paper in case you forget the password. It ain't like your colleagues are going to go to the trouble of trying to figure it out. They know it's probably something about your password - but who cares?*

*assuming your working in a normal business environment, of course.

RecoveringYuppy · 5th November 2018, 01:10 PM

Originally Posted by theprestige

Nope. I used camelCase in this thread to make it more legible to the unitiated. Capitalization doesn't actually change the underlying principle in the slightest.

Relevant xkcd: https://xkcd.com/936/

ETA: The point is that a string of four arbitrary words is both easier for a human to remember and harder for a computer to guess through brute force, than a password that conforms to a set of "difficulty" requirements like one cap, one special char, etc.

Yeah, I get that. The principle is the same. But spacing and capitalization make a difference to whether you've actually remembered the password/phrase correctly.

theprestige · 5th November 2018, 01:27 PM

Originally Posted by RecoveringYuppy

Yeah, I get that. The principle is the same. But spacing and capitalization make a difference to whether you've actually remembered the password/phrase correctly.

Yes they do.

However, my choice to capitalize in this case does not actually justify your assumption that I misremembered the password.

Also, a rule like "I never put caps or spaces in my password" is a lot easier to remember than "One cap, one special char, and one number, unless it's the bank, and then it's cap and char only, unless it's the other bank, and then it's char and number or cap, etc."

So once I'm allowed to use Munroe passwords, I'll have much fewer, much easier rules to remember anyway. Which is half the point of Munroe passwords.

xterra · 5th November 2018, 02:31 PM

Originally Posted by JoeMorgue

That's great if you literally never have to log into a new device ever.

If I have to log in to a new device, I set up a new entry in the database. Why is this difficult?

arthwollipot · 5th November 2018, 02:53 PM

Originally Posted by xterra

LastPass or KeePass o a similar password manager.

My personal database has 478 entries, almost none duplicates.

Problem solved.

That's great when you're working on your own computer, not so much when you're working with an 8,000-user government secure network where installation of unapproved software is prohibited by law and system policy.

I use LastPass myself. On my private, personally-owned devices.

JoeMorgue · 5th November 2018, 04:06 PM

Originally Posted by xterra

If I have to log in to a new device, I set up a new entry in the database. Why is this difficult?

Well if every device you have to login to has access to this database bully for you I guess.

theprestige · 5th November 2018, 04:57 PM

Originally Posted by JoeMorgue

Well if every device you have to login to has access to this database bully for you I guess.

It's a browser plugin/app that has access to the database and supplies the appropriate password when you connect to the site that needs it.

You're going out of your way to **** on stuff you don't know about. You're also being kind of insulting to your fellow Member.

arthwollipot · 5th November 2018, 04:59 PM

Now now let's not get salty.

theprestige · 5th November 2018, 05:07 PM

Originally Posted by arthwollipot

Now now let's not get salty.

I'm just asking Joe to give the saltshaker a bit of a rest.

xterra · 5th November 2018, 08:10 PM

Joe, my original comment wasn't intended to be salty, but I understand how you could take it that way.

The exchange did get out of hand a bit, partly because I didn't explain that KeePass, my preferred software, is a stand-alone program that encrypts its database, allows access to the program only by password, and doesn't depend on any particular browser.

Arth, yes, if you're working on a large system such as you describe, neither LastPass nor KeePass will work. On the other hand, as a sysadmin you have other methods of resetting passwords, even if only through AD.

EDIT KeePass Password Safe

arthwollipot · 5th November 2018, 08:53 PM

Originally Posted by xterra

Joe, my original comment wasn't intended to be salty, but I understand how you could take it that way.

The exchange did get out of hand a bit, partly because I didn't explain that KeePass, my preferred software, is a stand-alone program that encrypts its database, allows access to the program only by password, and doesn't depend on any particular browser.

Arth, yes, if you're working on a large system such as you describe, neither LastPass nor KeePass will work. On the other hand, as a sysadmin you have other methods of resetting passwords, even if only through AD.

Yes, the problem is that we have and always have had a procedure in place to ensure that any caller asking for a password reset is actually that person and not someone else just pretending to be them. This procedure should be common knowledge, but we still have to explain it to callers every day.

Norman Alexander · 5th November 2018, 08:54 PM

Originally Posted by arthwollipot

Yes, the problem is that we have and always have had a procedure in place to ensure that any caller asking for a password reset is actually that person and not someone else just pretending to be them. This procedure should be common knowledge, but we still have to explain it to callers every day.

Could you change my password, please? Username is ARTHWOLLIPOT.

Wudang · 6th November 2018, 02:33 AM

Originally Posted by arthwollipot

That's great when you're working on your own computer, not so much when you're working with an 8,000-user government secure network where installation of unapproved software is prohibited by law and system policy.

I use LastPass myself. On my private, personally-owned devices.

Despite having been a pentester with IBM, writing part of an IBM security manual, designing security for several systems, I hated dealing with certain aspects of security.
<big bank> security insisted every password on every system had to be different and changed every 30 (later 90) days. We had over 20,000 windows servers and they were considered niche only. Standard servers were unix-variants. We weren't to write them down or store them in any way. Complaints that it was easy for someone in IT ops to have hundreds, if not thousands, of systems to access were brushed off.

On one internal system just used to store models of services for problem triage the vendor product required the tool be able to modify the DB schema (create tables etc). Big problem. Only DBAs can modify the schema. Big security & performance risk apparently if DB drones don't read from a ticket and write DDL exactly as requested on the ticket. So I had to devise a system where the tool knew an admin password but I didn't, using CA's Automation Point (which a more cynical person than I might describe as a POS and about as secure as a paper mache fireguard but had been selected by a supposed SME who knew sod all about anything not written by CA). I'd have preferred to install something else but my previous request for approval of software was still in the assessment queue 3 years later.

When I left there were some trading areas where IT staff had management backing from on high to tell security to F off and sort themselves out but it was still dominated by people who could say "no" but not "yes" and were never held to task. Mordac the Refuser.
If a problem was caused (or included) someone writing down a password or using a guessable one, not their fault. If there was an issue because the only way to square their circle was using a weak solution, not their problem.

.....and breathe.

catsmate · 6th November 2018, 02:40 AM

Originally Posted by JoeMorgue

I think the simple fact that we as an industry are using passwords far, far, far beyond the point of diminishing returns on the "Security versus practicality" chart is sort of an open secret in the business right now.

Any password complex enough to be secure enough, a user is either going to constantly forget or they are going to write it down.

Biometrics.

catsmate · 6th November 2018, 02:45 AM

Originally Posted by arthwollipot

And it still surprises me that many staff do not know the process for requesting a password reset. And despite monthly email reminders, do not register for password self-service.

Have you tried making them come to IT with company ID? For security purposes.

novaphile · 10th November 2018, 06:56 PM

Originally Posted by Norman Alexander

Could you change my password, please? Username is ARTHWOLLIPOT.

Done.

arthwollipot · 11th November 2018, 05:27 PM

Just had someone end a call by telling me that they learned something.

Norman Alexander · 11th November 2018, 07:07 PM

Originally Posted by novaphile

Done.

Hey! I can't log into Arth's...sorry, MY ISF account now! Windows is broken!

arthwollipot · 11th November 2018, 08:18 PM

Originally Posted by Norman Alexander

Hey! I can't log into Arth's...sorry, MY ISF account now! Windows is broken!

Do you need someone to reinstall your Adobe?

xterra · 11th November 2018, 09:18 PM

Originally Posted by arthwollipot

Just had someone end a call by telling me that they learned something.

This never happens. You obviously misunderstood what the person was saying.

arthwollipot · 11th November 2018, 09:57 PM

Originally Posted by xterra

This never happens. You obviously misunderstood what the person was saying.

I was explaining what Bitlocker was.

Norman Alexander · 11th November 2018, 11:30 PM

Originally Posted by arthwollipot

Do you need someone to reinstall your Adobe?

Yes please. I want my Adobe Excel fixed.

arthwollipot · 11th November 2018, 11:50 PM

Originally Posted by Norman Alexander

Yes please. I want my Adobe Excel fixed.

And how's your Microsoft? All doing well?

plague311 · 12th November 2018, 03:17 PM

Originally Posted by arthwollipot

Just had someone end a call by telling me that they learned something.

https://media.giphy.com/media/nXxOjZrbnbRxS/giphy.gif

My boss used to do a "TILT" at the end of the day (things I learned today). It didn't last long because he mostly learned that no one checked the channel in slack he was posting it in because the only thing going in there were his TILTs.

On a completely different note, we use LastPass as a company. It's ******* slick as hell when you're in my role. We do end to end tech support for something like 70 companies. I put the app on my phone, and I can page through every company at my finger tips. If you couple it with 2FA it gets rid of pretty much every security flaw as well. I was hesitant at first, but now I absolutely love it.

Norman Alexander · 12th November 2018, 04:53 PM

Originally Posted by arthwollipot

And how's your Microsoft? All doing well?

Yes, Microsoft Ubuntu is going well.

29th October 2018, 08:56 PM	#281
Norman Alexander Philosopher Join Date: Nov 2014 Location: Gundungurra Posts: 8,773	When someone makes something idiot-proof, someone else invents a dumber idiot.
	__________________ _{...our governments are just trying to protect us from terror. In the same way that someone banging a hornets’ nest with a stick is trying to protect us from hornets. Frankie Boyle, Guardian, July 2015}

31st October 2018, 06:10 PM	#282
arthwollipot Observer of Phenomena Pronouns: he/him Join Date: Feb 2005 Location: Ngunnawal Country Posts: 70,273	Them: Hi, I started in the department today, and I'm trying to log on. Me: Okay. Them: ... Them: ... Them: ... Me: Okay? Them: ... Them: ... Them: ... Me: Um, what are you asking me?
	__________________ Please scream inside your heart.

1st November 2018, 11:10 AM	#283
Dancing David Penultimate Amazing Join Date: Mar 2003 Location: central Illinois Posts: 39,699	Originally Posted by arthwollipot Them: Hi, I started in the department today, and I'm trying to log on. Me: Okay. Them: ... Them: ... Them: ... Me: Okay? Them: ... Them: ... Them: ... Me: Um, what are you asking me?
	__________________ I suspect you are a sandwich, metaphorically speaking. -Donn And a shot rang out. Now Space is doing time... -Ben Burch You built the toilet - don't complain when people crap in it. _Kid Eager Never underestimate the power of the Random Number God. More of evolutionary history is His doing than people think. - Dinwar

1st November 2018, 12:04 PM	#284
Norman Alexander Philosopher Join Date: Nov 2014 Location: Gundungurra Posts: 8,773	Originally Posted by arthwollipot Them: Hi, I started in the department today, and I'm trying to log on. Me: Okay. Them: ... Them: ... Them: ... Me: Okay? Them: ... Them: ... Them: ... Me: Um, what are you asking me? Ask if he knows how a phone works. And tell him you are not the voices in his head, so he doesn't have to tell you what he is doing right now.
	__________________ _{...our governments are just trying to protect us from terror. In the same way that someone banging a hornets’ nest with a stick is trying to protect us from hornets. Frankie Boyle, Guardian, July 2015}

2nd November 2018, 02:51 PM	#285
Mongrel Begging for Scraps Join Date: Aug 2004 Location: UK, suburbia. 20 minutes in the future Posts: 2,037	Originally Posted by paulhutch Speaking with my consumer electronics design engineer hat on. Assuming "large number" means more than 0.5% then almost certainly that is either do to poor design of the phone hang up switch system or faulty hangup switches. I've thrown away or returned for credit many of phones over the last 40 years for those two reasons. Our phones at the office had a handset that was slippy and thin, it could be hard to hold it firmly and not get your fingers in the way when trying to hang up.
	__________________ “Ignorance more frequently begets confidence than does knowledge: it is those who know little, and not those who know much, who so positively assert that this or that problem will never be solved by science.” - Charles Darwin ...like so many contemporary philosophers he especially enjoyed giving helpful advice to people who were happier than he was. - Tom Lehrer

4th November 2018, 03:50 PM	#286
arthwollipot Observer of Phenomena Pronouns: he/him Join Date: Feb 2005 Location: Ngunnawal Country Posts: 70,273	And it still surprises me that many staff do not know the process for requesting a password reset. And despite monthly email reminders, do not register for password self-service.
	__________________ Please scream inside your heart.

5th November 2018, 09:56 AM	#287
theprestige Penultimate Amazing Join Date: Aug 2007 Location: Hong Kong Posts: 49,607	Originally Posted by arthwollipot And it still surprises me that many staff do not know the process for requesting a password reset. And despite monthly email reminders, do not register for password self-service. About a year ago we started rejecting all password requests, giving the link to the self service tool as the rejection reason.

5th November 2018, 10:03 AM	#288
JoeMorgue Self Employed Remittance Man Join Date: Nov 2009 Location: Florida Posts: 30,643	I think the simple fact that we as an industry are using passwords far, far, far beyond the point of diminishing returns on the "Security versus practicality" chart is sort of an open secret in the business right now. Any password complex enough to be secure enough, a user is either going to constantly forget or they are going to write it down.
	__________________ Yahtzee: "You're doing that thing again where when asked a question you just discuss the philosophy of the question instead of answering the bloody question." Gabriel: "Well yeah, you see..." Yahtzee: "No. When you are asked a Yes or No question the first word out of your mouth needs to be Yes or No. Only after that have you earned the right to elaborate."

5th November 2018, 10:06 AM	#289
theprestige Penultimate Amazing Join Date: Aug 2007 Location: Hong Kong Posts: 49,607	Originally Posted by JoeMorgue I think the simple fact that we as an industry are using passwords far, far, far beyond the point of diminishing returns on the "Security versus practicality" chart is sort of an open secret in the business right now. Any password complex enough to be secure enough, a user is either going to constantly forget or they are going to write it down. CorrectHorseBatteryStaple

5th November 2018, 10:09 AM	#290
Wudang BOFH Join Date: Jun 2003 Location: People's Republic of South Yorkshire Posts: 13,484	At <bigbank> they introduced a self-servicing ticket tool that you had to drill down through and the password option pointed you at the self service tool. Similarly the phone number for tickets would nag you to use the selfservice tool once you did the "press 2 for..." maze. The biggest problem with that whole system was it was always set up to maximise the IT teams' KPIs rather than help the customer. So say you had 3 new joiners all needing email. You couldn't raise one ticket that could be split into 3 tasks. It had to be 3 tickets with no "copy details from". This wonderful book linky ( which I thoroughly recommend and have bought extra copies to give away) refers to it as "displaced complexity". You make your task easier by shoving the complexity elsewhere.

5th November 2018, 11:40 AM	#291
RecoveringYuppy Penultimate Amazing Join Date: Nov 2006 Posts: 10,730	Originally Posted by theprestige CorrectHorseBatteryStaple You realize you remembered that incorrectly?

5th November 2018, 11:51 AM	#292
xterra So far, so good... Join Date: Apr 2012 Location: On the outskirts of Nowhere; the middle was too crowded Posts: 3,709	LastPass or KeePass o a similar password manager. My personal database has 478 entries, almost none duplicates. Problem solved.
	__________________ Over we go....

5th November 2018, 11:54 AM	#293
JoeMorgue Self Employed Remittance Man Join Date: Nov 2009 Location: Florida Posts: 30,643	Originally Posted by xterra LastPass or KeePass o a similar password manager. My personal database has 478 entries, almost none duplicates. Problem solved. That's great if you literally never have to log into a new device ever.
	__________________ Yahtzee: "You're doing that thing again where when asked a question you just discuss the philosophy of the question instead of answering the bloody question." Gabriel: "Well yeah, you see..." Yahtzee: "No. When you are asked a Yes or No question the first word out of your mouth needs to be Yes or No. Only after that have you earned the right to elaborate."

5th November 2018, 12:23 PM	#294
Elagabalus Philosopher Join Date: Dec 2013 Posts: 6,919	Originally Posted by JoeMorgue That's great if you literally never have to log into a new device ever. I don't know. On my home network I have perfect password printed out on a crinkly old piece of printer paper which already had something printed on it. It's the last page on my printers stack. When friends come over and want to use my Network I give them the piece of paper and tell them not to make any mistakes. Hilarity ensues. so now you know!
Elagabalus Philosopher Join Date: Dec 2013 Posts: 6,919

5th November 2018, 12:51 PM	#295
theprestige Penultimate Amazing Join Date: Aug 2007 Location: Hong Kong Posts: 49,607	Originally Posted by RecoveringYuppy You realize you remembered that incorrectly? Nope. I used camelCase in this thread to make it more legible to the unitiated. Capitalization doesn't actually change the underlying principle in the slightest. Relevant xkcd: https://xkcd.com/936/ ETA: The point is that a string of four arbitrary words is both easier for a human to remember and harder for a computer to guess through brute force, than a password that conforms to a set of "difficulty" requirements like one cap, one special char, etc.
	Last edited by theprestige; 5th November 2018 at 12:57 PM.

5th November 2018, 01:08 PM	#296
Elagabalus Philosopher Join Date: Dec 2013 Posts: 6,919	Originally Posted by theprestige Nope. I used camelCase in this thread to make it more legible to the unitiated. Capitalization doesn't actually change the underlying principle in the slightest. Relevant xkcd: https://xkcd.com/936/ ETA: The point is that a string of four arbitrary words is both easier for a human to remember and harder for a computer to guess through brute force, than a password that conforms to a set of "difficulty" requirements like one cap, one special char, etc. You could also write out the first letter of every word on a piece of paper in case you forget the password. It ain't like your colleagues are going to go to the trouble of trying to figure it out. They know it's probably something about your password - but who cares?* *assuming your working in a normal business environment, of course.
Elagabalus Philosopher Join Date: Dec 2013 Posts: 6,919

5th November 2018, 01:10 PM	#297
RecoveringYuppy Penultimate Amazing Join Date: Nov 2006 Posts: 10,730	Originally Posted by theprestige Nope. I used camelCase in this thread to make it more legible to the unitiated. Capitalization doesn't actually change the underlying principle in the slightest. Relevant xkcd: https://xkcd.com/936/ ETA: The point is that a string of four arbitrary words is both easier for a human to remember and harder for a computer to guess through brute force, than a password that conforms to a set of "difficulty" requirements like one cap, one special char, etc. Yeah, I get that. The principle is the same. But spacing and capitalization make a difference to whether you've actually remembered the password/phrase correctly.

5th November 2018, 01:27 PM	#298
theprestige Penultimate Amazing Join Date: Aug 2007 Location: Hong Kong Posts: 49,607	Originally Posted by RecoveringYuppy Yeah, I get that. The principle is the same. But spacing and capitalization make a difference to whether you've actually remembered the password/phrase correctly. Yes they do. However, my choice to capitalize in this case does not actually justify your assumption that I misremembered the password. Also, a rule like "I never put caps or spaces in my password" is a lot easier to remember than "One cap, one special char, and one number, unless it's the bank, and then it's cap and char only, unless it's the other bank, and then it's char and number or cap, etc." So once I'm allowed to use Munroe passwords, I'll have much fewer, much easier rules to remember anyway. Which is half the point of Munroe passwords.

5th November 2018, 02:31 PM	#299
xterra So far, so good... Join Date: Apr 2012 Location: On the outskirts of Nowhere; the middle was too crowded Posts: 3,709	Originally Posted by JoeMorgue That's great if you literally never have to log into a new device ever. If I have to log in to a new device, I set up a new entry in the database. Why is this difficult?
	__________________ Over we go....

5th November 2018, 02:53 PM	#300
arthwollipot Observer of Phenomena Pronouns: he/him Join Date: Feb 2005 Location: Ngunnawal Country Posts: 70,273	Originally Posted by xterra LastPass or KeePass o a similar password manager. My personal database has 478 entries, almost none duplicates. Problem solved. That's great when you're working on your own computer, not so much when you're working with an 8,000-user government secure network where installation of unapproved software is prohibited by law and system policy. I use LastPass myself. On my private, personally-owned devices.
	__________________ Please scream inside your heart.

5th November 2018, 04:06 PM	#301
JoeMorgue Self Employed Remittance Man Join Date: Nov 2009 Location: Florida Posts: 30,643	Originally Posted by xterra If I have to log in to a new device, I set up a new entry in the database. Why is this difficult? Well if every device you have to login to has access to this database bully for you I guess.
	__________________ Yahtzee: "You're doing that thing again where when asked a question you just discuss the philosophy of the question instead of answering the bloody question." Gabriel: "Well yeah, you see..." Yahtzee: "No. When you are asked a Yes or No question the first word out of your mouth needs to be Yes or No. Only after that have you earned the right to elaborate."

5th November 2018, 04:57 PM	#302
theprestige Penultimate Amazing Join Date: Aug 2007 Location: Hong Kong Posts: 49,607	Originally Posted by JoeMorgue Well if every device you have to login to has access to this database bully for you I guess. It's a browser plugin/app that has access to the database and supplies the appropriate password when you connect to the site that needs it. You're going out of your way to **** on stuff you don't know about. You're also being kind of insulting to your fellow Member.

5th November 2018, 04:59 PM	#303
arthwollipot Observer of Phenomena Pronouns: he/him Join Date: Feb 2005 Location: Ngunnawal Country Posts: 70,273	Now now let's not get salty.
	__________________ Please scream inside your heart.

5th November 2018, 05:07 PM	#304
theprestige Penultimate Amazing Join Date: Aug 2007 Location: Hong Kong Posts: 49,607	Originally Posted by arthwollipot Now now let's not get salty. I'm just asking Joe to give the saltshaker a bit of a rest.

5th November 2018, 08:10 PM	#305
xterra So far, so good... Join Date: Apr 2012 Location: On the outskirts of Nowhere; the middle was too crowded Posts: 3,709	Joe, my original comment wasn't intended to be salty, but I understand how you could take it that way. The exchange did get out of hand a bit, partly because I didn't explain that KeePass, my preferred software, is a stand-alone program that encrypts its database, allows access to the program only by password, and doesn't depend on any particular browser. Arth, yes, if you're working on a large system such as you describe, neither LastPass nor KeePass will work. On the other hand, as a sysadmin you have other methods of resetting passwords, even if only through AD. EDIT KeePass Password Safe
	__________________ Over we go.... Last edited by xterra; 5th November 2018 at 08:16 PM.

5th November 2018, 08:53 PM	#306
arthwollipot Observer of Phenomena Pronouns: he/him Join Date: Feb 2005 Location: Ngunnawal Country Posts: 70,273	Originally Posted by xterra Joe, my original comment wasn't intended to be salty, but I understand how you could take it that way. The exchange did get out of hand a bit, partly because I didn't explain that KeePass, my preferred software, is a stand-alone program that encrypts its database, allows access to the program only by password, and doesn't depend on any particular browser. Arth, yes, if you're working on a large system such as you describe, neither LastPass nor KeePass will work. On the other hand, as a sysadmin you have other methods of resetting passwords, even if only through AD. Yes, the problem is that we have and always have had a procedure in place to ensure that any caller asking for a password reset is actually that person and not someone else just pretending to be them. This procedure should be common knowledge, but we still have to explain it to callers every day.
	__________________ Please scream inside your heart.

5th November 2018, 08:54 PM	#307
Norman Alexander Philosopher Join Date: Nov 2014 Location: Gundungurra Posts: 8,773	Originally Posted by arthwollipot Yes, the problem is that we have and always have had a procedure in place to ensure that any caller asking for a password reset is actually that person and not someone else just pretending to be them. This procedure should be common knowledge, but we still have to explain it to callers every day. Could you change my password, please? Username is ARTHWOLLIPOT.
	__________________ _{...our governments are just trying to protect us from terror. In the same way that someone banging a hornets’ nest with a stick is trying to protect us from hornets. Frankie Boyle, Guardian, July 2015}

6th November 2018, 02:33 AM	#308
Wudang BOFH Join Date: Jun 2003 Location: People's Republic of South Yorkshire Posts: 13,484	Originally Posted by arthwollipot That's great when you're working on your own computer, not so much when you're working with an 8,000-user government secure network where installation of unapproved software is prohibited by law and system policy. I use LastPass myself. On my private, personally-owned devices. Despite having been a pentester with IBM, writing part of an IBM security manual, designing security for several systems, I hated dealing with certain aspects of security. <big bank> security insisted every password on every system had to be different and changed every 30 (later 90) days. We had over 20,000 windows servers and they were considered niche only. Standard servers were unix-variants. We weren't to write them down or store them in any way. Complaints that it was easy for someone in IT ops to have hundreds, if not thousands, of systems to access were brushed off. On one internal system just used to store models of services for problem triage the vendor product required the tool be able to modify the DB schema (create tables etc). Big problem. Only DBAs can modify the schema. Big security & performance risk apparently if DB drones don't read from a ticket and write DDL exactly as requested on the ticket. So I had to devise a system where the tool knew an admin password but I didn't, using CA's Automation Point (which a more cynical person than I might describe as a POS and about as secure as a paper mache fireguard but had been selected by a supposed SME who knew sod all about anything not written by CA). I'd have preferred to install something else but my previous request for approval of software was still in the assessment queue 3 years later. When I left there were some trading areas where IT staff had management backing from on high to tell security to F off and sort themselves out but it was still dominated by people who could say "no" but not "yes" and were never held to task. Mordac the Refuser. If a problem was caused (or included) someone writing down a password or using a guessable one, not their fault. If there was an issue because the only way to square their circle was using a weak solution, not their problem. .....and breathe.

6th November 2018, 02:40 AM	#309
catsmate No longer the 1 Join Date: Apr 2007 Posts: 23,851	Originally Posted by JoeMorgue I think the simple fact that we as an industry are using passwords far, far, far beyond the point of diminishing returns on the "Security versus practicality" chart is sort of an open secret in the business right now. Any password complex enough to be secure enough, a user is either going to constantly forget or they are going to write it down. Biometrics.
	__________________ As human right is always something given, it always in reality reduces to the right which men give, "concede," to each other. If the right to existence is conceded to new-born children, then they have the right; if it is not conceded to them, as was the case among the Spartans and ancient Romans, then they do not have it. For only society can give or concede it to them; they themselves cannot take it, or give it to themselves.

6th November 2018, 02:45 AM	#310
catsmate No longer the 1 Join Date: Apr 2007 Posts: 23,851	Originally Posted by arthwollipot And it still surprises me that many staff do not know the process for requesting a password reset. And despite monthly email reminders, do not register for password self-service. Have you tried making them come to IT with company ID? For security purposes.
	__________________ As human right is always something given, it always in reality reduces to the right which men give, "concede," to each other. If the right to existence is conceded to new-born children, then they have the right; if it is not conceded to them, as was the case among the Spartans and ancient Romans, then they do not have it. For only society can give or concede it to them; they themselves cannot take it, or give it to themselves.

10th November 2018, 06:56 PM	#311
novaphile Quester of Doglets Moderator Join Date: Dec 2009 Location: Sunny South Australia Posts: 2,938	Originally Posted by Norman Alexander Could you change my password, please? Username is ARTHWOLLIPOT. Done.
	__________________ We would be better, and braver, to engage in enquiry, rather than indulge in the idle fancy, that we already know -- Plato.

11th November 2018, 05:27 PM	#312
arthwollipot Observer of Phenomena Pronouns: he/him Join Date: Feb 2005 Location: Ngunnawal Country Posts: 70,273	Just had someone end a call by telling me that they learned something.
	__________________ Please scream inside your heart.

11th November 2018, 07:07 PM	#313
Norman Alexander Philosopher Join Date: Nov 2014 Location: Gundungurra Posts: 8,773	Originally Posted by novaphile Done. Hey! I can't log into Arth's...sorry, MY ISF account now! Windows is broken!
	__________________ _{...our governments are just trying to protect us from terror. In the same way that someone banging a hornets’ nest with a stick is trying to protect us from hornets. Frankie Boyle, Guardian, July 2015}

11th November 2018, 08:18 PM	#314
arthwollipot Observer of Phenomena Pronouns: he/him Join Date: Feb 2005 Location: Ngunnawal Country Posts: 70,273	Originally Posted by Norman Alexander Hey! I can't log into Arth's...sorry, MY ISF account now! Windows is broken! Do you need someone to reinstall your Adobe?
	__________________ Please scream inside your heart.

11th November 2018, 09:18 PM	#315
xterra So far, so good... Join Date: Apr 2012 Location: On the outskirts of Nowhere; the middle was too crowded Posts: 3,709	Originally Posted by arthwollipot Just had someone end a call by telling me that they learned something. This never happens. You obviously misunderstood what the person was saying.
	__________________ Over we go....