Consider Changing Your Password?
-
I could be local admin on my work PC
I'm not local admin on my PC; my domain account makes me a local admin on all PCs on the domain. But I'm not a domain admin.
The domain account password never changes
Ah... that's the only account that I have. I don't have local accounts on the PCs, just the domain account. I can log in anywhere with it.
-
It can be useful for comparing something like sound recordings to find "probably has this with an overlay, bad recording of the first thingy, etc.". There are actual uses for them (the uses aren't cryptographic though).
-
Somewhere between 2/3 and 3/4.
If I wait until the last day, it sometimes makes it impossible to log back in, with VPN and everything.
But I don't jump on it first thing either.
-
Ah... that's the only account that I have. I don't have local accounts on the PCs, just the domain account. I can log in anywhere with it.
Well, when I said local account, I meant my domain account, as opposed to the domain admin. Poor choice of words. CORP\Frostcat is not an admin of any kind, CORP\Domain1 is a domain admin.
I have a local account on my own PC that's a local admin, because I don't think you can start with a domain account, unless I'm wrong about that. I always provision PCs by creating a local admin account, then join the domain and install software with the domain admin account, then give it to the users to log in with their own regular domain account.
Also I don't use the local admin account hardly at all, because accessing network resources is more work.
-
"too similar" cannot be actioned on anything but the immediately pervious password (which you are, after all, entering in the same form) unless they're storing plaintext forever.
Whatever GOsa does... That's how we do LDAP. (it then propagates that out to gmail)
I'm pretty sure I remember it telling me a new one was "too similar". Anyways, it remembers 4. So I'm in my rotation now. (Rules:
-Must contain chars from 3 of the 4 groups: upper case, lower case, numbers, non-alpha
-must be at list 9 chars
-must not contain username, name, simple words, any form of <company name>)Of course, I log in to my computer using my MS id - which isn't under those restrictions. (remember, we don't have a domain here)
-
It's not so bad. It's pretty rare that I get called, and when I do, I can often either tell them what to do differently or just log in and fix it remotely.
Working during my vacation.
But they'll comp me some days.
-
I always provision PCs by creating a local admin account, then join the domain and install software with the domain admin account, then give it to the users to log in with their own regular domain account.
I think WDS has the ability to join provisioned PCs to the domain upon deployment without a local account, but I can't be sure at the moment.
Still good to have an "emergency" local admin account just in case though. ;P
-
I think WDS has the ability to join provisioned PCs to the domain upon deployment without a local account, but I can't be sure at the moment.
I don't think we're organized enough for that--we just order Small Business Dells and have them delivered either to the main office or to the destination, depending on whether the destination office has someone trusted to do the setup. So like I said, I get a desktop or laptop, unbox it, turn it on, create a local user, and then join the domain.
-
It can be useful for comparing something like sound recordings to find "probably has this with an overlay, bad recording of the first thingy, etc.". There are actual uses for them (the uses aren't cryptographic though).
wouldn't that be a fingerprint algorithm rather than a hashing algortithm?
-
I do not want a device hashing my finger.
-
I have a local account on my own PC that's a local admin, because I don't think you can start with a domain account, unless I'm wrong about that.
No, pretty sure you'd have to log in with a local admin account to join it to the domain. So there's that.
Unless, I guess you might just be able to load an image onto the hard drive and have it already be set up as a domain PC.
Also I don't use the local admin account hardly at all, because accessing network resources is more work.
Yeah, that.
-
No, pretty sure you'd have to log in with a local admin account to join it to the domain. So there's that.
IIRC, to join a domain you need an account with perms to join the domain--which in my case would be the domain admin account. But the first time you turn on the computer, with a regular windows installation, it asks to create a local account.
Unless, I guess you might just be able to load an image onto the hard drive and have it already be set up as a domain PC.
That seems like more work than is worth doing. :)
-
-
-
A hash is a smaller set of bytes to represent something. A "fingerprint" is a smaller set of bytes to represent something. There are also some things about hard to reverse for a hash that also held true for fingerprint ones when I last mucked about with them (a decade ago, were both called hashes at the time).
-
-
I had a client where if you needed the help desk to reset your password, you were forbidden from changing it from the default 'passw0rd1' that they set it to for two weeks. Attacker just needs to lock you out because the other policy was that if you were locked out they reset your password.
Oh and instead of encrypting or tokenizing silly things like CC numbers they bought insurance in case they were hacked.
-
I increment a letter. I have just a few left before I wrap around...
I do this too. Up to j.
-
@anotherusername said:
Unless, I guess you might just be able to load an image onto the hard drive and have it already be set up as a domain PC.
That seems like more work than is worth doing. :)
Just to have it be on the domain? Sure I guess. But a lot of large organizations just load an image onto the PC anyway, so why not.
-
a lot of large organizations
Well, we're not one, which is probably the main reason. I would imagine if your buying pattern is "3 of the cheapest Dimension desktop, followed by a latitude laptop 6 months later" and so on, it's not worth the effort of making an image.
-
You should have been requesting a new domain normal user account that never expires (the domain admin can set that) for that purpose, especially at the time when your BOSS^3 is involved. It reduces the chance of a critical system application fails because of unexpected event.
-
-
I just started getting emails from work about this. They always start 20 days out.
Do you have to change them every 31 days?
Needless to say, I just have 4 passwords, and they're not very different...
<10_char_password_for_system>_MMMYY
-
-
@boomzilla said:
I just started getting emails from work about this. They always start 20 days out.
Do you have to change them every 31 days?
No, I just delete them from my inbox.
-
i refuse to change it on a friday. I'll forget it!
I had to remote in while I was off on paternity leave, and my password had expired. Surprisingly I still remembered it coming in a week and a half later
-
You should have been requesting a new domain normal user account that never expires (the domain admin can set that) for that purpose
we already have one of those. that's what it was supposed to use. it didn't have the right permissions and BOSS^3 (who i'm still not sure why he was even THERE on that saturday) didn't want to spend the time to find out what permissions were broked.
-
MMMYY
You have to remember a month and a year? Why not just leave the year off? If you have to change it every 31 days, that's 12 distinct passwords if you don't include the year, surely it doesn't remember your last 12 passwords...
-
If you have to change it every 31 days
3 months (give or take a few days) for me.
-
a week and a half later
Dang your employer must have really struggled with 1.5 weeks of paternity leave.
-
But how many of them does it remember and not let you re-use?
-
But how many of them does it remember and not let you re-use?
NFC. Can't find the email with the details in, and the form for changing it doesn't specify.
-
It'll specify if you re-use one that it remembers and it doesn't want you to re-use it, though.
-
Even i cant remember previous ones. Easy to guess of course. Presuming they didn't happen around the 32nd or 0th of the month of course...
You can probably tell how many fucks I give about a piece of administrivia that I have to deal with 4 times a year.
http://i.imgur.com/ILyHbuJ.jpg
Ok, still 4 times too many, but I have so many other things to rant about, this pales into insignificance. See thread in Lounge fer example, with the penis shaped office...
-
Ok, still 4 times too many, but I have so many other things to rant about, this pales into insignificance. See thread in Lounge fer example, with the penis shaped office...
Some of us have to work too much to maintain the game needed to have access to the lounge
-
Some of us have to work too much to maintain the game needed to have access to the lounge
-
@shadowmod trust vaire
-
username: Vaire trust level: 2 (Not locked) In the last 100: Visits: 50/50 Topics Replied To: 47/10 Topics Viewed: 235/251 Total Topics Viewed: 647/200 Posts Read: 51197/23208 Total Posts Read: 149152/500 Flagged Posts: 0/5 (max) Flagged By: 0/5 (max) Likes Given: 376/30 Likes Received: 222/20 Liked on Days: 52/7 Liked by users: 76/5 Status: Within 90% of requirements, may be promoted soon!
-
-
If the new shit wasn't "report the beer you are drinking", maybe I would!
-
If the new shit wasn't "report the beer you are drinking", maybe I would!
It's not quite that bad: https://what.thedailywtf.com/new
βLink to your favourite spacer.gif... β is particularly compelling.
-
Feature request for the new forums: once you've attained a trust level, then barring egregious acts of maliciousness or negligence, you damn well should be allowed to keep that trust level.
Filed under: and fuck for helping me forget what the real world calls a "trust level"...
-
Feature request for the new forums: once you've attained a trust level, then barring egregious acts of maliciousness or negligence, you damn well should be allowed to keep that trust level.
Seconded.
-
Feature request for the new forums: once you've attained a trust level, then barring egregious acts of maliciousness or negligence, you damn well should be allowed to keep that trust level.
Filed under: and fuck for helping me forget what the real world calls a "trust level"...
If you like your trust level, you can keep your trust level.
Too soon?
-
barring egregious acts of maliciousness or negligence
Such as neglecting to read enough topics?
-
Some of us have to work too much to maintain the game needed to have access to the lounge
So you'll walk away from a job due to password thingies, but not a serious quality of life issue like TDWTF constraints?
-
So you'll walk away from a job due to password thingies, but not a serious quality of life issue like TDWTF constraints?
Yes.
-
Some of us have to work too much to maintain the game needed to have access to the lounge
-
Well now, that would just be cheating, though
-
then call me a cheaty mc-cheatycyberpants!
:-P