Please login, Please login



  • This morning I am doing required training.  I'm working in the military health system and we have some required training that has to get done periodically.  In this case it's on HIPAA.  Right now I'm sitting at the login page.  To get to the login page I had to first log into the systey using my CAC (AKA Smart Card) and the PIN for that card. 

    Did you get that?  I'm at the login page where I enter in my user name and password AFTER I logged into the system using the smart card.

    BTW: Yesterday when I logged in it said I had to change my password because it didn't meet minimum strength requirements.  As I'd copied the password out of another document I simply pasted the same one I'd just logged in with into the new password controls.  Yea, it worked.

    MArk B.



  •  So your smart card allows you to login to the login screen? Well, at least it's secure front fence. How about the back entrance?



  • @Mole said:

    How about the back entrance?

    Still sore.



  • @morbiuswilters said:

    Still sore.
     

    Like a paper cut—except from a creditcard form factor.



  • Similar situation at college. To get your assigments on the school machines:

    1. Turn on computer. Log into Windows with your ID and password.
    2. Open web browser. Log into college website with same ID and password.
    3. Click link for assignments page. Log into "secure area" with same ID and password.

  • Garbage Person

    @SteamBoat said:

    Did you get that?  I'm at the login page where I enter in my user name and password AFTER I logged into the system using the smart card.
    ... Yeah, and? Two-factor authentication. Something you know (your password), something you have (your smart card). PINs are pretty damned irrelevant, since most morons will have them written on or near where they keep the smart card.



  • @Weng said:

    Something you know (your password), something you have (your smart card). PINs are pretty damned irrelevant, since most morons will have them written on or near where they keep the smart card.
    PROTIP: PINs and Passwords are essentially the same thing, and have the same issues. Where a PIN might be written on a card cover, a password will more likely be so.



  • @Lingerance said:

    @Weng said:
    Something you know (your password), something you have (your smart card). PINs are pretty damned irrelevant, since most morons will have them written on or near where they keep the smart card.
    PROTIP: PINs and Passwords are essentially the same thing, and have the same issues. Where a PIN might be written on a card cover, a password will more likely be so.

    This is why all of the software I write requires the password to be composed entirely of non-printable control characters, with a minimum length of 32.



  • @lolwtf said:

    Similar situation at college. To get your assigments on the school machines:
    1) Turn on computer. Log into Windows with your ID and password.
    2) Open web browser. Log into college website with same ID and password.
    3) Click link for assignments page. Log into "secure area" with same ID and password.

    No biggie.  Somebody glued together three off the shelf systems with a Single Sign On system.  It's better than three different password and worse than a seamless experience.  I have eleven user names and passwords to access the systems I need to do my job.  When you get hired where I work, you are issued the following logons:

    • PC/Email
    • Timesheet system
    • HR
    • Help desk software
    • Computer based training system
    • 401K
    • Health related benefits system
    • Self-service password reset system

    That's all for a user with no special access to anything.  I'm doing my best to not make it any worse -- I maintain about twenty applications and all of them seamlessly integrate with OS authentication.



  •  You have a username and password for the self-service password reset system? That must be a fun call to support - "Hi, I've forgotten my password to reset my passwords".


  • Garbage Person

     Yes, but the PIN will be written on the card - and the password somewhere else entirely - probably on a stickynote under the keyboard.



  • @Mole said:

     You have a username and password for the self-service password reset system? That must be a fun call to support - "Hi, I've forgotten my password to reset my passwords".

     We have a phone system that requires the (only) admin password to be reset before it expires, otherwise it locks the (only) account. If we didn't have physical access to reset it, this would be a problem. Fortunately, we don't need the phone system working to get into the office. Unlike our clients who have their electronic door locks controlled from inside their electronically locked server room. They had a lengthy power-cut a while ago, and the lock-control box didn't come back up...



  • Meh.

    I have to :

    1: Log into a pre-boot encryption thingy on my laptop

    2: log into the laptop

    3: log into VPN, with a generated Soft Token

    4: log into a vpn validation web site with a PIN

    5: log into the corporate network

    Each step also requires a username and password (including the VPN and VPN Valdation), which are exactly the same at every step.



  • @Weng said:

     Yes, but the PIN will be written on the card - and the password somewhere else entirely - probably on a stickynote under the keyboard.

     

    Hey! Be fair, here. Not all users are idiots!

    Sometimes the sticky note is on the side of the monitor.



  • @Mole said:

     You have a username and password for the self-service password reset system? That must be a fun call to support - "Hi, I've forgotten my password to reset my passwords".

    They thought of that....  In addition to a password, you have five secret questions.  If you forgot your password to the password reset system, then you have to answer three of the five questions, randomly chosen.  Then you can get into the system and use it to reset your password reset password.  We have a link to the password reset system on the login screens of our Windows computers, so you don't need to log in to use it.

    So, if two of the secret questions are hard and three are easy, then all someone would have to do is keep trying until they got the combination of three easy questions.  Even better, they can do it anonymously from anywhere, including remoting into an unattended workstation.


  • Discourse touched me in a no-no place

    @Jaime said:

    They thought of that....  In addition to a password, you have five secret
    questions. 
    Favourite colour, mother's maiden name, first pet....



    'red' as your mother's maiden name is unacceptable since it's less than 128 characters.



    Am I close?



  • @blakeyrat said:

    @Weng said:

     Yes, but the PIN will be written on the card - and the password somewhere else entirely - probably on a stickynote under the keyboard.

     

    Hey! Be fair, here. Not all users are idiots!

    Sometimes the sticky note is on the side of the monitor.

    Or, if they're really computer savvy, under the keyboard.


  • @bstorer said:

    @blakeyrat said:

    @Weng said:

     Yes, but the PIN will be written on the card - and the password somewhere else entirely - probably on a stickynote under the keyboard.

     

    Hey! Be fair, here. Not all users are idiots!

    Sometimes the sticky note is on the side of the monitor.

    Or, if they're really computer savvy, under the keyboard.
    If they're really clever, they'll have dozens of sticky notes with random garbage all over the monitor, a sticky note with another fake password under the keyboard, and a sticky note with the real password under the chair.


  •  Coworker of mine once had this culmination of sticky notes on his monitor. It looked like a sunflower.



  • I once got to maintain an older app so chock full of bugs that there was hardly any functionality working. I created a couple test scripts, collected as many bugs as I could find, wrote them all on sticky notes and stuck them to the wall.

    They didn't have any bug tracking software, but of course I could have done sth in Excel or whatever. The point however was to show the boss (who was also the sales rep) that he really shouldn't promise any new functionality (or even installations) before the wall would be visible again.

    Part of the reason the app had gotten that bad, was that my predecessor would be working on functionality X, the boss would come in and shout "we need functionality Y tomorrow!" and he would drop everything and start on Y. By showing the boss how much of a mess the app had become, he started to understand the implications of that.

    In the end, I solved most bugs in a week or two, and it was incredibly satisfying to see the stickies disappear. Of course, occasionally whole chunks of stickies (I grouped them) would just fall off the wall and occasionally be cleaned up by the cleaning lady, another advantage.



  • @b_redeker said:

    Of course, occasionally whole chunks of stickies would just fall off the wall and occasionally be cleaned up by the cleaning lady,
     

    Just one of the many ways in which the cleaners have a significant influence in IT processes.



  • @dhromed said:

    Just one of the many ways in which the cleaners have a significant influence in IT processes.
    There are others?  besides stealing my stuff after hours and watering my laptop hoping for tulips to grow out?



  • @belgariontheking said:

    There are others? 
     

    Such as unplugging the UPS for their vaccum cleaner.



  • Or even better, plugging their floor buffer into the UPS.

    (Although, fair enough,it was because the IT dept plugged an extension lead into the UPS rather than plugging each item of equipment directly into the UPS using the correct IEC-15 plugs)



  • :belt_onion:

    @Jaime said:

    In addition to a password, you have five secret questions. If you forgot your password to the password reset system, then you have to answer three of the five questions, randomly chosen.

    That's easy!

    • What is your name?
    • What is your quest?
    • What is your favorite color?
    • What is the capital of Assyria?
    • What is the air-speed velocity of an unladen swallow?



  • @bjolling said:

    @Jaime said:
    In addition to a password, you have five secret questions. If you forgot your password to the password reset system, then you have to answer three of the five questions, randomly chosen.

    That's easy!

    • What is your name?
    • What is your quest?
    • What is your favorite color?
    • What is the capital of Assyria?
    • What is the air-speed velocity of an unladen swallow?

    An African or European swallow?



  • @derula said:

    Filed under: too obvious?
    It was so obvious that it wrapped back around again and nobody expected it.<input name="ctl00$ctl00$bcr$bcr$ctl00$PostList$ctl27$ctl23$ctl01" id="ctl00_ctl00_bcr_bcr_ctl00_PostList_ctl27_ctl23_ctl01_State" value="value:Filed%20under%3A%20%3Ca%20href%3D%22%2Ftags%2Ftoo%2Bobvious_3F00_%2Fdefault.aspx%22%20rel%3D%22tag%22%3Etoo%20obvious%3F%3C%2Fa%3E" type="hidden">



  • @bstorer said:

    It was so obvious that it wrapped back around again and nobody expected it.

    You mean, like when Integers become so big that the sign bit accidentally gets toggled and the number which should have been incremented by one is now suddenly the lowest number possible (=integer overflow)?



  • @derula said:

    @bstorer said:
    It was so obvious that it wrapped back around again and nobody expected it.

    You mean, like when Integers become so big that the sign bit accidentally gets toggled and the number which should have been incremented by one is now suddenly the lowest number possible (=integer overflow)?

    Sort of how when there's a metaphor invoking integer overflow there's always some poor sap who drops the phrase "sign bit" showing that he doesn't understand binary representation of signed ints.



  • @morbiuswilters said:

    @derula said:

    @bstorer said:
    It was so obvious that it wrapped back around again and nobody expected it.

    You mean, like when Integers become so big that the sign bit accidentally gets toggled and the number which should have been incremented by one is now suddenly the lowest number possible (=integer overflow)?

    Sort of how when there's a metaphor invoking integer overflow there's always some poor sap who drops the phrase "sign bit" showing that he doesn't understand binary representation of signed ints.

     

    This is similar to that time Morbiuswilters posted a mild-mannered microflame to correct some poor sap.

    Almost, but not quite entirely unlike that time.



  •  Aw shit, I missed my 4,000th post anniversary.

    : (



  • @dhromed said:

    @morbiuswilters said:

    @derula said:

    @bstorer said:
    It was so obvious that it wrapped back around again and nobody expected it.

    You mean, like when Integers become so big that the sign bit accidentally gets toggled and the number which should have been incremented by one is now suddenly the lowest number possible (=integer overflow)?

    Sort of how when there's a metaphor invoking integer overflow there's always some poor sap who drops the phrase "sign bit" showing that he doesn't understand binary representation of signed ints.

     

    This is similar to that time Morbiuswilters posted a mild-mannered microflame to correct some poor sap.

    Almost, but not quite entirely unlike that time.

    I like derula; I'm just pulling his leg.  At least he isn't a fag like dhromed.



  • @morbiuswilters said:

    @derula said:

    @bstorer said:
    It was so obvious that it wrapped back around again and nobody expected it.

    You mean, like when Integers become so big that the sign bit accidentally gets toggled and the number which should have been incremented by one is now suddenly the lowest number possible (=integer overflow)?

    Sort of how when there's a metaphor invoking integer overflow there's always some poor sap who drops the phrase "sign bit" showing that he doesn't understand binary representation of signed ints.

    How do you know he isn't using one's complement?  He's in Europe; they're all retarded over there.



  • Yawn, btdtbtt.



    My work laptop I use at home, connected to the work hub thru Contivity.

    1. Switch on, type in a password to get through the front page.
    2. Ctrl-alt-delete, enter password. Wait for Windows to boot, wait for Jabber to stop piddling about (it can't log in anyway at this point).
    3. Fire up Contivity, enter password. Wait for Contivity to connect via my wireless router, wait for laptop to reboot (it has to do that for security reasons).
    4. Ctrl-alt-delete, enter password. Wait for Windows to boot, wait for Jabber to connect.
    5. Open Outlook. Oh fuck, I've lost my connection. Re-connect. Too many sessions open. Bugger. Restart Contivity. Bah, won't work. Reboot. Back to step 2.

    Almost makes me not want to do any unpaid overtime.


    And why won't this fucking editor format the text like I enter it, you bunch of cunts?



    Fixed formatting --Ling



  • @bstorer said:

    @morbiuswilters said:

    @derula said:

    @bstorer said:
    It was so obvious that it wrapped back around again and nobody expected it.

    You mean, like when Integers become so big that the sign bit accidentally gets toggled and the number which should have been incremented by one is now suddenly the lowest number possible (=integer overflow)?

    Sort of how when there's a metaphor invoking integer overflow there's always some poor sap who drops the phrase "sign bit" showing that he doesn't understand binary representation of signed ints.

    How do you know he isn't using one's complement?  He's in Europe; they're all retarded over there.

    One's complement doesn't use a sign bit.



  • @bstorer said:

    @morbiuswilters said:

    @derula said:

    @bstorer said:
    It was so obvious that it wrapped back around again and nobody expected it.

    You mean, like when Integers become so big that the sign bit accidentally gets toggled and the number which should have been incremented by one is now suddenly the lowest number possible (=integer overflow)?

    Sort of how when there's a metaphor invoking integer overflow there's always some poor sap who drops the phrase "sign bit" showing that he doesn't understand binary representation of signed ints.

    How do you know he isn't using one's complement?  He's in Europe; they're all retarded over there.

    wee izzunt retarded. mutch.



  • @Matt Westwood said:

    And why won't this fucking editor format the text like I enter it, you bunch of cunts?
     

    Because you're using a fucked browser, fuckface.

    @Matt Westwood said:

    btdtbtt.

    You seem to have quite the stutter. A little application of BTK's wang to the lips, twice a day, should fix that nicely.

     



  • @morbiuswilters said:

    At least he isn't a fag like dhromed.

    You weren't complaining so much last night, when I tenderly came inside you.



  • @dhromed said:

    @morbiuswilters said:

    At least he isn't a fag like dhromed.

    You weren't complaining so much last night, when I tenderly came inside you.

    There was nothing tender about it, cowboy.  *wink*



  • @dhromed said:

    @Matt Westwood said:

    And why won't this fucking editor format the text like I enter it, you bunch of cunts?
     

    Because you're using a fucked browser, fuckface.

    @Matt Westwood said:

    btdtbtt.

    You seem to have quite the stutter. A little application of BTK's wang to the lips, twice a day, should fix that nicely.

     

    Mmm! Mwah, mwah. Feel better already.



  • @morbiuswilters said:

    homosexual innuendo
     

    We've been doing innuendo?

    I cannae imagine what you would be like if you were explicit.

    Wow.



  • @morbiuswilters said:

    @bstorer said:

    @morbiuswilters said:

    @derula said:

    @bstorer said:
    It was so obvious that it wrapped back around again and nobody expected it.

    You mean, like when Integers become so big that the sign bit accidentally gets toggled and the number which should have been incremented by one is now suddenly the lowest number possible (=integer overflow)?

    Sort of how when there's a metaphor invoking integer overflow there's always some poor sap who drops the phrase "sign bit" showing that he doesn't understand binary representation of signed ints.

    How do you know he isn't using one's complement?  He's in Europe; they're all retarded over there.

    One's complement doesn't use a sign bit.

    Well, sure, one's complement doesn't use a sign bit in America.  We aren't retarded.


  • Trolleybus Mechanic

    @morbiuswilters said:

    I like derula; I'm just pulling his leg.  At least he isn't a fag like dhromed.
     

    That isnt' derula's leg you're pulling, hypocrite.



  • @bstorer said:

    @morbiuswilters said:

    @bstorer said:

    @morbiuswilters said:

    @derula said:

    @bstorer said:
    It was so obvious that it wrapped back around again and nobody expected it.

    You mean, like when Integers become so big that the sign bit accidentally gets toggled and the number which should have been incremented by one is now suddenly the lowest number possible (=integer overflow)?

    Sort of how when there's a metaphor invoking integer overflow there's always some poor sap who drops the phrase "sign bit" showing that he doesn't understand binary representation of signed ints.

    How do you know he isn't using one's complement?  He's in Europe; they're all retarded over there.

    One's complement doesn't use a sign bit.

    Well, sure, one's complement doesn't use a sign bit in America.  We aren't retarded.

    Excellent point.



  • @Lorne Kates said:

    @morbiuswilters said:

    I like derula; I'm just pulling his leg.  At least he isn't a fag like dhromed.
     

    That isnt' derula's leg you're pulling, hypocrite.

     

    Whose leg is it, then?



  • @bstorer said:

    @morbiuswilters said:
    @bstorer said:
    @morbiuswilters said:
    @derula said:
    @bstorer said:
    It was so obvious that it wrapped back around again and nobody expected it.
    You mean, like when Integers become so big that the sign bit accidentally gets toggled and the number which should have been incremented by one is now suddenly the lowest number possible (=integer overflow)?
    Sort of how when there's a metaphor invoking integer overflow there's always some poor sap who drops the phrase "sign bit" showing that he doesn't understand binary representation of signed ints.
    How do you know he isn't using one's complement?  He's in Europe; they're all retarded over there.
    One's complement doesn't use a sign bit.
    Well, sure, one's complement doesn't use a sign bit in America.  We aren't retarded.

    Shows how ignorant you Americans are. Two's complement uses a sign bit in Europe! You probably haven't even heard of the 33-bit architecture that is common here? Basically it works like this: to every register there is an additional bit. And after every processor instruction, this bit gets set to 1 if the contents of the corresponding register are greater than 231 or set to 0 if the contents are less than 231. It's used as a protection mechanism against int overflow. Your retarded American machines don't have that!



  • @derula said:

    @bstorer said:
    @morbiuswilters said:
    @bstorer said:
    @morbiuswilters said:
    @derula said:
    @bstorer said:
    It was so obvious that it wrapped back around again and nobody expected it.
    You mean, like when Integers become so big that the sign bit accidentally gets toggled and the number which should have been incremented by one is now suddenly the lowest number possible (=integer overflow)?
    Sort of how when there's a metaphor invoking integer overflow there's always some poor sap who drops the phrase "sign bit" showing that he doesn't understand binary representation of signed ints.
    How do you know he isn't using one's complement?  He's in Europe; they're all retarded over there.
    One's complement doesn't use a sign bit.
    Well, sure, one's complement doesn't use a sign bit in America.  We aren't retarded.

    Shows how ignorant you Americans are. Two's complement uses a sign bit in Europe! You probably haven't even heard of the 33-bit architecture that is common here? Basically it works like this: to every register there is an additional bit. And after every processor instruction, this bit gets set to 1 if the contents of the corresponding register are greater than 231 or set to 0 if the contents are less than 231. It's used as a protection mechanism against int overflow. Your retarded American machines don't have that!

    That sounds dumb.  We have a new system that is much more sophisticated.  We also have 32-bit registers, but each one has a 32-bit carry flag.  That way we can know how badly our calculation has overflown the register.



  •  @bstorer said:

    We also have 32-bit registers, but each one has a 32-bit carry flag.  That way we can know how badly our calculation has overflown the register.

    <font size="2" face="VERDANA">Zoidberg: "All 6000 hulls have been breached!"
    Fry: "Oh, the fools! If only they'd built it with 6000 and one hulls! When will they learn?!?"</font>



  • @blakeyrat said:

     @bstorer said:

    We also have 32-bit registers, but each one has a 32-bit carry flag.  That way we can know how badly our calculation has overflown the register.

    <font face="VERDANA" size="2">Zoidberg: "All 6000 hulls have been breached!"
    Fry: "Oh, the fools! If only they'd built it with 6000 and one hulls! When will they learn?!?"</font>

    But the largest operands of any operation are 32-bit.  That's why we built 64-bit computers, so no single 32-bit operation could result in integer overflow.



  •  I had salmon yesterday.


Log in to reply