From the department of forgetting to renew certificates
-
@dcon said in From the department of forgetting to renew certificates:
@error said in From the department of forgetting to renew certificates:
Our passwords expire regularly, but we can't make new ones. Instead, there is a web portal that presents you with 30 or so random character combinations per page, and you select one from the list.
The Guaranteed-PostIt-Password policy.
Well in theory, password managers are supposed to replace post-its. In practice, even I, whom I don't consider tech-illiterate, have yet to use one (unless we consider a password-encrypted text file containing hints a password manager).
-
@Medinoc said in From the department of forgetting to renew certificates:
Well in theory, password managers are supposed to replace post-its.
They do. They also work quite well on most sites.
-
@dkf Except for the passwords to log into the computer in the first place, and for the password manager, itself. Although the post-it with my main Windows password is in my wallet, not where an opportunistic would-be snoop could easily find it, and has a bunch of passwords, most of which are no longer valid for anything, with no hint of what they might be for.
-
@dkf said in From the department of forgetting to renew certificates:
@Medinoc said in From the department of forgetting to renew certificates:
Well in theory, password managers are supposed to replace post-its.
They do. They also work quite well on most sites.
And then there are the sites which go out of their fucking way to break it.
-
@HardwareGeek said in From the department of forgetting to renew certificates:
Except for the passwords to log into the computer in the first place, and for the password manager, itself.
Those are integrated on my system, so it's one password for both. Remembering a single password (that isn't joined to a domain or anything else like that, so it isn't subject to others' pointless rules; the hardware itself remains under my control) is relatively easy.
-
@dkf said in From the department of forgetting to renew certificates:
that isn't joined to a domain or anything else like that, so it isn't subject to others' pointless rules
This is the key difference.
-
@loopback0 said in From the department of forgetting to renew certificates:
I've got three AD accounts
Lemme start counting my work-related accounts...note that I'm only including accounts that have unique passwords:
- WTFHelpdesk domain account (laptop user account)
- WTFHelpdesk's new corporate overlords' domain account (to get into email/SharePoint/Teams/etc.)
- WTFHelpdesk phone queue software user account (since it's not domain-account-tied)
- WTFHelpdesk LMS system user number & PIN
- WTPharm Legacy domain 1 basic user account
- WTPharm Legacy domain 2 basic user account
- WTPharm Legacy domain 2 administrative account
- WTPharm new final domain basic user account
- WTPharm new final domain administrative account
- WTPharm SAP logon account
- AT&T account to manage WTPharm cellular data lines
- Verizon account to manage WTPharm cellular data lines
I think that's all of them...?
-
@Medinoc said in From the department of forgetting to renew certificates:
@dcon said in From the department of forgetting to renew certificates:
@error said in From the department of forgetting to renew certificates:
Our passwords expire regularly, but we can't make new ones. Instead, there is a web portal that presents you with 30 or so random character combinations per page, and you select one from the list.
The Guaranteed-PostIt-Password policy.
Well in theory, password managers are supposed to replace post-its. In practice, even I, whom I don't consider tech-illiterate, have yet to use one (unless we consider a password-encrypted text file containing hints a password manager).
The point of using a password manager is that it makes managing those encrypted secrets easier and at the same time makes sure that the encryption is done properly. They also help in generating long strings of random character passwords and can quickly regenerate them while still keeping a history should you want to (even with metadata about when it was done, which could become unwieldy in a simple encrypted text file).
My password managers of choice are offline and both tools support auto-type to enter the password somewhere without even having to copy any secrets to the clipboard. They also hide information in the user interface so that someone shoulder-surfing can't easily read what secrets you have in your records.
@HardwareGeek said in From the department of forgetting to renew certificates:
Except for the passwords to log into the computer in the first place, and for the password manager, itself. Although the post-it with my main Windows password is in my wallet, not where an opportunistic would-be snoop could easily find it, and has a bunch of passwords, most of which are no longer valid for anything, with no hint of what they might be for.
If it helps you remember a high-quality password then writing it down just once and keeping it safe is definitely the way to go.
-
@e4tmyl33t said in From the department of forgetting to renew certificates:
I'm only including accounts that have unique passwords:
Password reuse is though.
-
@JBert said in From the department of forgetting to renew certificates:
@e4tmyl33t said in From the department of forgetting to renew certificates:
I'm only including accounts that have unique passwords:
Password reuse is though.
I meant "unique passwords" insofar as "these don't link to another AD account and have to be reset separately or remembered separately". At least 6 of those accounts all have the same password because I've been loath to put my work accounts into my personal LastPass so far.