Cloud Insecurity
-
As I'm configuring our production instance behind which commercially sensitive information will be stored, it's comforting to know that this set of challenge questions will keep my company's data absolutely safe.
Note: It's the same four options for each of the challenge questions, and it's mandatory to set three of them. And you can't use duplicate questions. And yes, I can use misleading answers to make it harder to crack, but I can't force the more technically naïve end users to do the same thing, and it only takes one set of easy answers to cause a data breach.
Fortunately I'm not looking after the instance with all the really sensitive information on it (which is moving to the same cloud, but may have a different password / security question setup; I haven't seen it, I don't know). But nobody seems much concerned about that one either. So apparently all is well.
-
What happens if you choose the fourth question and enter “Blue” as the answer?
-
... it uses "Blue" as the answer. I'm not sure why you would expect anything else (it's not as if you were asking about "Red", after all).
Though as it happens "Red" is also an acceptable answer; the lower limit for answer length is 1 character.
-
Flagged for a "wooosh"...
-
As I'm configuring our production instance behind which commercially sensitive information will be stored, it's comforting to know that this set of challenge questions will keep my company's data absolutely safe.
Note: It's the same four options for each of the challenge questions, and it's mandatory to set three of them. And you can't use duplicate questions. And yes, I can use misleading answers to make it harder to crack, but I can't force the more technically naïve end users to do the same thing, and it only takes one set of easy answers to cause a data breach.
Fortunately I'm not looking after the instance with all the really sensitive information on it (which is moving to the same cloud, but may have a different password / security question setup; I haven't seen it, I don't know). But nobody seems much concerned about that one either. So apparently all is well.
Your post is empty for me. Though quoting still works. What do we have to say about that, @Discoursebot?
Of course, the image still doesn't work when quoting. Because, you know. Discourse.
Let me have a go manually:
http://what.thedailywtf.com/uploads/default/9622/36cf8d467ddb0c0a.png
Fuck it, I give up.
-
@Evo - Days Since Last Discourse Bug: 0
-
Given that there is a common failure mode for that specific question where it won't accept too-short answers, I wasn't sure whether the intent was genuine or not, but it piqued my curiosity so I figured I might as well find out and answer.
So yeah, given this forum, possibly deserving of a "whoosh" badge, but I did consider the possibility. Rest assured that "Blue" is not in fact my answer to that question :)
-
I'm trying to come up with a reasonable answer that would be correct for all four questions. None of the colors mentioned in Professor Ludwig Von Drake's "Spectrum Song" sounds entirely natural in every position, although there might be a city named "Black" or "Lavender" somewhere.
-
Lavender town is a famous place, at least among gamers.
If you don't know why, just listen to this:
http://www.youtube.com/watch?v=JNJJ-QkZ8cM
-
I'm trying to come up with a reasonable answer that would be correct for all four questions.
Moccasin
Peru
Salmon
Sienna
-
In France:
-
If the correct answer was "Yellow" and you enter "Blue", quite literally "wooosh" followed by "aaaaaa..."
-
I'm trying to come up with a reasonable answer that would be correct for all four questions.
I generally get my answers to that kind of question from here. Dear little nkwjw.duigy.cxkhn.widnh.jshcs, I remember her fondly.
-
a reasonable answer that would be correct for all four questions
Some wish-it-was-two-factor sites won't let you use the same answer for multiple security questions. MyGov is like that, which is particularly irritating because it makes you answer a security question on every single login.
At least they let you write your own questions. You have to have at least 5. Mine all look like "Secondary password with 'a' appended?", "Secondary password with 'b' appended?"... and my KeePass auto-type string looks like
{USERNAME}{TAB}{PASSWORD}{ENTER}{DELAY 3000}vsnwi.lddbo.nabck.hexhn.xtubf.
-
Your password is a Windows product key?
-
It's genius, actually... nobody would think to look at the Windows key sticker on your computer and think it's a password to anything.
-
If it's anything like all the Windows product key stickers I've seen, it'll be long since worn off before anyone has a chance to read it.
-
Anymore, I use KeePass to generate answers for the security questions, because the security questions aren't. I either end up with questions that anybody who vaguely knows me can probably answer (where were you born, what do you drive, what's your best friend's name), or I end up with a set of questions I literally cannot answer (where was your honeymoon, what's your first child's name, etc).
-
Your password is a Windows product key?
Similar format. No internal self-consistency check, just random letters.
I have pretty much settled on using five dot-separated groups of lowercase letters since soft keyboards became a thing. It pisses me off no end that Apple won't let me use that format for an Apple ID password, but has no problem at all accepting Apple123.
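An added example, not part of the original posts and not KeePass's own generator: a Python sketch of the approach described in the posts above (random answers to security questions, in the five-group lowercase format), with one distinct answer per question for sites that reject duplicates. The function names and the ten-colour guess list are assumptions constructed for illustration.

```python
import math
import re
import secrets
import string

ALPHABET = string.ascii_lowercase
GROUPS, GROUP_LEN = 5, 5  # format from the thread: xxxxx.xxxxx.xxxxx.xxxxx.xxxxx
ANSWER_RE = re.compile(r"^[a-z]{5}(\.[a-z]{5}){4}$")

# Constructed sample: a short guess list for a "favourite colour" style question.
COLOUR_GUESSES = ["red", "blue", "green", "yellow", "black",
                  "white", "purple", "orange", "pink", "brown"]


def random_answer() -> str:
    """One answer drawn from a CSPRNG, unrelated to the question text."""
    return ".".join(
        "".join(secrets.choice(ALPHABET) for _ in range(GROUP_LEN))
        for _ in range(GROUPS)
    )


def answers_for(questions: list[str]) -> dict[str, str]:
    """A distinct random answer per question, for sites that reject duplicates."""
    used: set[str] = set()
    out: dict[str, str] = {}
    for question in questions:
        answer = random_answer()
        while answer in used:  # vanishingly unlikely, but the site would refuse it
            answer = random_answer()
        used.add(answer)
        out[question] = answer
    return out


def entropy_bits(choices: int) -> float:
    """Guessing entropy in bits for a value picked uniformly from `choices`."""
    return math.log2(choices)


# 26^25 possibilities: about 117.5 bits.
RANDOM_BITS = entropy_bits(len(ALPHABET) ** (GROUPS * GROUP_LEN))
# Upper bound for an honest answer picked from the colour list: about 3.3 bits.
COLOUR_BITS = entropy_bits(len(COLOUR_GUESSES))

if __name__ == "__main__":
    questions = [f"Secondary password with '{c}' appended?" for c in "abcde"]
    for question, answer in answers_for(questions).items():
        print(f"{question:45} {answer}")
    print(f"random: {RANDOM_BITS:.1f} bits, colour: {COLOUR_BITS:.1f} bits")
```

The generated answers only help if they are stored in the password manager alongside the password, since they cannot be recalled from memory.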
-
Has anyone referenced @apapadimoulis's article yet?
-
Before you? Not that I can think of.
-
I prefer this, somewhat related, article.
Also, does anyone else think it is strange that our Dicksores install will not onebox TDWTF articles?
-
@Intercourse said:
Also, does anyone else think it is strange
@Intercourse said:
Dicksores
@Intercourse said:
will not
No.
-
Yeah, if I had thought that through...
Another Disception.