*Sigh* Company password rules and Win10 PINs
-
I got a new laptop on Friday, which has Win10 installed. So far so good - when entering my insane password (15 chars, special char, numbers etc. needed) I remembered that Win10 has a sweet 4-digit PIN to log in. So I tried to set that - which has to be at least 12 chars with special characters and numbers per GPO.
*Sigh* I am 95% at our premises and we need to log out when we leave the place even for 10 seconds - so entering such monstrosities is a huge pain. Not to mention BitLocker is active - so I have to enter that thing more often than not.
-
Wow.
I had a situation where I needed to "sign" things constantly at a job I worked at years ago. I bought a keyboard that had macro software such that I could hit a key and it would play a string back. You might be able to use something like that, although management would lose its shit if it ever found out.
-
So... A "password" button.
I guess it beats a Post-it slightly...
-
Definitely would have helped this poor soul http://www.bbc.com/news/world-europe-32248779
-
Retinal scan starting to look pretty good right about now.
-
So far so good - when entering my insane password (15 chars, special char, numbers etc. needed) I remembered that Win10 has a sweet 4-digit PIN to log in. So I tried to set that - which has to be at least 12 chars with special characters and numbers per GPO.
Security is the enemy of Usability.
Retinal scan starting to look pretty good right about now.
But by GPO you'd still have to enter 24 random symbols as well.
-
Can't you get a physical token like an access card and a shorter PIN?
-
Can't shorten the PIN! Someone might steal the access card and then they'd be able to get in easily!!!
-
Hardware token + 4-digit PIN (rate limited) + biometrics seems like the best approach to security for 99% of cases.
But companies are stuck in "20 character passwords" mentality.
But by GPO you'd still have to enter 24 random symbols as well.
"Please scan a minimum of 24 eyes to login"
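The "short PIN, but rate limited and tied to a token" idea from the post above, worked through as an added example (this is not code from the thread or from any product it mentions). It assumes a hypothetical `PinVerifier` that binds the PIN to a per-device secret via HMAC, so a stolen PIN without the token proves nothing, and that escalates a lockout after three wrong guesses; the lockout schedule (30 s, doubling, capped at a day) is a constructed assumption, not a Windows or GPO setting. `seconds_to_exhaust` adds up the worst-case wall-clock time to walk the whole PIN space under that schedule, which is the number that makes a 4-digit PIN defensible.

```python
import hashlib
import hmac
import secrets

# Constructed lockout schedule (assumption for this example, not a real policy):
MAX_FREE_ATTEMPTS = 3       # wrong guesses allowed before lockouts start
BASE_LOCKOUT_SECONDS = 30   # first lockout; doubles on every further failure
MAX_LOCKOUT_SECONDS = 24 * 3600


def lockout_for(failures: int) -> int:
    """Lockout imposed after the given number of consecutive failures."""
    if failures < MAX_FREE_ATTEMPTS:
        return 0
    return min(BASE_LOCKOUT_SECONDS * 2 ** (failures - MAX_FREE_ATTEMPTS),
               MAX_LOCKOUT_SECONDS)


class PinVerifier:
    """Hypothetical verifier: PIN is only meaningful together with the token secret."""

    def __init__(self, token_secret: bytes, pin: str):
        # The token secret stays on the device; the PIN alone is not a credential.
        self._token_secret = token_secret
        self._pin_tag = self._derive(pin)
        self._failures = 0
        self._locked_until = 0.0

    def _derive(self, pin: str) -> bytes:
        # HMAC binds the short PIN to the high-entropy device secret.
        return hmac.new(self._token_secret, pin.encode(), hashlib.sha256).digest()

    def verify(self, pin: str, now: float) -> bool:
        """Check a PIN at time `now` (seconds); refuses while locked out."""
        if now < self._locked_until:
            return False  # still locked: the guess is not even evaluated
        if hmac.compare_digest(self._derive(pin), self._pin_tag):
            self._failures = 0
            self._locked_until = 0.0
            return True
        self._failures += 1
        self._locked_until = now + lockout_for(self._failures)
        return False


def seconds_to_exhaust(pin_digits: int) -> int:
    """Worst case: every PIN but the last is wrong, so sum the lockouts."""
    total = 0
    for failures in range(1, 10 ** pin_digits):
        total += lockout_for(failures)
    return total


if __name__ == "__main__":
    verifier = PinVerifier(secrets.token_bytes(32), "1234")
    for guess in ("0000", "0001", "0002"):
        verifier.verify(guess, now=0)          # three misses trigger a 30 s lockout
    print("correct PIN during lockout:", verifier.verify("1234", now=10))
    print("correct PIN after lockout:", verifier.verify("1234", now=30))
    print("days to exhaust 4 digits:", seconds_to_exhaust(4) / 86400)
```

With this schedule the whole 4-digit space costs about 9,986 days of lockouts to enumerate online, which is the point of the post: the rate limit, not the PIN length, is what carries the security, and the token binding means the PIN is worthless to whoever only shoplifts the Post-it.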
-
Maybe a USB Rubber Ducky or an Arduino-based Social Engineering Toolkit might help?
(Are there devices that look like a detached tongue of a USB stick meanwhile?)
-
"20 character passwords" mentality.
And no special characters! Or dictionary words! (We will check the entire collection of dictionaries of the world.)
-
But by GPO you'd still have to enter 24 random symbols as well.
But in the Latin alphabet, "Jehovah" begins with an "I"!
-
Can't you get a physical token like an access card and a shorter PIN?
In my case above, the application was military-related. Real users had an access card--their military ID. We poor civilian devs, though, had to make do with typing in a password to access a file on a 3.5" floppy (it was 2004. Flash drives were banned). Testing code changes required you to put that password in dozens of times a day. Also, the passwords were generated for you--you didn't choose 'em.
-
And presumably the only remotely sane way of not forgetting it involves yellow bits of paper with flaky adhesive ?
-
And presumably the only remotely sane way of not forgetting it involves yellow bits of paper with flaky adhesive ?
Actually, my password--which I believe was typical--was leetified words: I think it was something like h0Rs3b4tt3rY.
-
That's not even secure... right there...
-
Well, it was only for a test system. I didn't have access to production data...except that there was no test system for the part that interfaced with SABRE, so I could book a real seat on a real plane if I wasn't careful.
-
Hardware token + 4-digit PIN (rate limited) + biometrics seems like the best approach to security for 99% of cases.
True 3-factor!? I don't think that's used for anything anywhere on earth!
-
Nah, there's probably something somewhere that has to appear to be that ridiculously safe.
Not something serious like nuclear codes of course - those are probably primarily protected by court martial.
-
Well, it was only for a test system. I didn't have access to production data...except that there was no test system for the part that interfaced with SABRE, so I could book a real seat on a real plane if I wasn't careful.
That's not even secure... right there...
WTF YOU SAYIN?!?!?! THIS POST AIN'T EMPTY: MY FATHER WAS A NAVY SEAL
-
Not something serious like nuclear codes of course - those are probably primarily protected by court martial.
Or just "00000000".
-
Not something serious like nuclear codes of course - those are probably primarily protected by court martial.
Or just "00000000".
Bla bla bla, same combination on my luggage, bla, bla, bla....
-
Nah, there's probably something somewhere that has to appear to be that ridiculously safe.
What, you mean… the Director's private drinks cabinet?!
-
Quite possibly something along those lines.
-
"**A code consisting of eight zeroes** has never been used to enable a MM ICBM, as claimed by Dr. Bruce Blair," the new document, obtained by FP, insists, while laying out the basics on how a nuclear missile can be launched.
Spot the weasel words! It was probably ten for more security.
-
Or/and they were pedantic enough to distinguish between the number 0 and the character "0".
-