any IT guys who get to see everyone's passwords?

Actually, as long as I've been a sys admin/network admin (going on over 6 years now), I rarely "see" people's passwords. I usually just reset them to something and let the user choose. There have been a few times when I've cracked the LANMAN hash just to see what types of passwords people were selecting, but that was more out of necessity to gauge what policy I should apply using passfilt.dll
 
"password" is a common one.

Mostly their dog's or kid's name is what I see.

Personally, I use my dog's name half in 1337 and half normal 😛

Assuming my dog's name was Rover

I'd have r0v3r.

It's worked quite well so far.
 
Usually PW's are hashed so don't see them.

Working on people's pc's, 90% will tell me their password without me prompting. I usually look away when there's a prompt, but, sometimes they just say it.

Then again, I'm trustworthy, but, they don't /know/ that.
 
Originally posted by: dman
Usually PW's are hashed so don't see them.

Working on people's pc's, 90% will tell me their password without me prompting. I usually look away when there's a prompt, but, sometimes they just say it.

Then again, I'm trustworthy, but, they don't /know/ that.

Agreed with the 90% comment... then there's the 5% where all you need to do is look under their KB or mouse pad and there will be a sticky note with all of them right there.
Then there's the other 4.9999% that leave passwords in a plain text file somewhere on their comp or on a PDA or in their wallet.
Then the last .1% are the sysadmins and 1337 haxors who store em all in their head.
 
Originally posted by: dman
Usually PW's are hashed so don't see them.

Working on people's pc's, 90% will tell me their password without me prompting. I usually look away when there's a prompt, but, sometimes they just say it.

Then again, I'm trustworthy, but, they don't /know/ that.

Heh, same here. If I was an untrustworthy prick, I'd be able to do untold amounts of damage. Then again, it might be the fact that I always try to NOT let them give me their password which gives them a sense of security.

I often get them looking at me strangely when I ask them to put in their passwords, often they say something like 'Don't you know it already? I've given it to you plenty of times before.'
One day I hope they will realise that remembering your own password is easy. Remembering everyone else's because they love to give it to you is friggin impossible.

That said, the new password trend here is kid's names in half l337 or similar (like JustAnAverageGuy's example).
 
Friend: Dude, I wanna log in, what's the password?
GoodToGo: whatthehell
Friend: Seriously man, I need to check something.
GoodToGo: WHATTHEHELL
Friend: Man, some people have rods up their asses
GoodToGo:................
 
Originally posted by: Drakkon
Originally posted by: dman
Usually PW's are hashed so don't see them.

Working on people's pc's, 90% will tell me their password without me prompting. I usually look away when there's a prompt, but, sometimes they just say it.

Then again, I'm trustworthy, but, they don't /know/ that.

Agreed with the 90% comment... then there's the 5% where all you need to do is look under their KB or mouse pad and there will be a sticky note with all of them right there.
Then there's the other 4.9999% that leave passwords in a plain text file somewhere on their comp or on a PDA or in their wallet.
Then the last .1% are the sysadmins and 1337 haxors who store em all in their head.

Mine are on a sticky (with a LOT of other scribble and I mean a lot) on the monitor in plain sight.
 
While I'm not an admin, I have some limited experience and know fairly often when I'm in a system where the admins can access passwords. In those cases I usually make my password some form of message for the admins if they see it. Just for kicks and grins. 🙂

ZV
 
I once did a query out of curiosity, and something like 12% of the users for one particular site had the word "fvck" somewhere in their password 😛
 
If you're using software not coded by a 3-year-old, an administrator should never be able to "see" a user's password. One-way encryption is used so that after hashing the password, even the computer itself doesn't know what the password originally was anymore.
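What storing only a salted one-way hash looks like in practice, as an added example that is not part of any post in this thread. The record format, the function names and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def make_record(password: str) -> str:
    """Return the string a server stores in place of the password."""
    salt = secrets.token_bytes(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Re-derive the digest from the candidate and compare in constant time."""
    try:
        scheme, iters, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iters)
        )
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Two accounts with the same password get different records, so an
    # administrator reading the table cannot tell that they match.
    a = make_record("r0v3r")
    b = make_record("r0v3r")
    print(a)
    print(b)
    print(verify("r0v3r", a), verify("rover", a))
```

The per-account salt and the slow derivation are what separate this from an unsalted fast hash: a short password is still guessable, but each guess has to be recomputed per account at the full iteration cost.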
 
Originally posted by: yllus
If you're using software not coded by a 3-year-old, an administrator should never be able to "see" a user's password. One-way encryption is used so that after hashing the password, even the computer itself doesn't know what the password originally was anymore.

That one always gets me: you need to have a password 37 letters long with no more than 2 numbers or letters grouped together and at least seven !@#$**%0 characters, and then the stupid admin has them stored in plain text.
 
Originally posted by: yllus
If you're using software not coded by a 3-year-old, an administrator should never be able to "see" a user's password. One-way encryption is used so that after hashing the password, even the computer itself doesn't know what the password originally was anymore.

You must be talking about Windows then, because any decent cracking program can find < 5 char passwords in a couple seconds. Much longer as the password length grows.
 
Originally posted by: Spencer278
Originally posted by: yllus
If you're using software not coded by a 3-year-old, an administrator should never be able to "see" a user's password. One-way encryption is used so that after hashing the password, even the computer itself doesn't know what the password originally was anymore.

That one always gets me: you need to have a password 37 letters long with no more than 2 numbers or letters grouped together and at least seven !@#$**%0 characters, and then the stupid admin has them stored in plain text.

Well, it's to keep out hackers and spies, not your admins, they're trustyworthy y'know. (/sarcasm)

I'm highly annoyed at some of our company's security policies. While they may have a good reason for them, it's doubtful that we really need 8digit letter/number passwords changed every 90 days w/ no repeats for god knows how long. Then if you mistype 'em more than 3x the account is locked and you need to reset the password. You know when you fark the password up you re-type it a second time without thinking. Then if it still doesn't work, you have to wonder if you mistyped it again OR if you forgot the password... and if you screw it up then, game over. (well you can reset it but what a royal pita).

So, what do you do then, well, I keep my work passwords in a plaintext file on my pc.

There's others, but, I'd probably get in trouble for sharing them.

My current password is a commentary on the suckage of the security policy. Nobody would care, but, it makes me happy to type it in when prompted.
 
Originally posted by: dman
Originally posted by: Spencer278
Originally posted by: yllus
If you're using software not coded by a 3-year-old, an administrator should never be able to "see" a user's password. One-way encryption is used so that after hashing the password, even the computer itself doesn't know what the password originally was anymore.

That one always gets me: you need to have a password 37 letters long with no more than 2 numbers or letters grouped together and at least seven !@#$**%0 characters, and then the stupid admin has them stored in plain text.

Well, it's to keep out hackers and spies, not your admins, they're trustyworthy y'know. (/sarcasm)

I'm highly annoyed at some of our company's security policies. While they may have a good reason for them, it's doubtful that we really need 8digit letter/number passwords changed every 90 days w/ no repeats for god knows how long. Then if you mistype 'em more than 3x the account is locked and you need to reset the password. You know when you fark the password up you re-type it a second time without thinking. Then if it still doesn't work, you have to wonder if you mistyped it again OR if you forgot the password... and if you screw it up then, game over. (well you can reset it but what a royal pita).

So, what do you do then, well, I keep my work passwords in a plaintext file on my pc.

There's others, but, I'd probably get in trouble for sharing them.

My current password is a commentary on the suckage of the security policy. Nobody would care, but, it makes me happy to type it in when prompted.

I think they do it because they suck at protecting the servers. As long as no one can get the password file then cat7 is just as good a password as anything you can make up if you lock out wrong attempts relatively quickly, i.e. less than 100.
 
No, but I run a brute force cracker to check for common passwords to make sure my users make good passwords. When someone forgets, I just reset it.

But I find that sometimes I can guess what their password is by looking around their office, desk, or cube. Look for things that are important to them. If they got pics of their kids, try their names in various order, and depending on your system policy, add a number 1 to the end. People like it easy. If they got pics of a car, try the name of the car, engine size as the numbers in the password. This worked for me a few times. Then there's the obvious "The password is xxxxxxx123" on a post-it on the monitor.
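Several posts above describe the same pattern: a pet's, kid's or car's name, partly in leet, often with a number on the end. The following is an added example, not part of any post, of a check that could run when a password is set and reject that pattern before it is accepted. The substitution table, the tiny common-password set and the function names are assumptions, and the sample inputs are constructed.

```python
import re

# Common character substitutions, mapped back to the letters they stand for.
LEET = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
     "7": "t", "@": "a", "$": "s", "!": "i"}
)

# Constructed sample; a real deployment would load a large breached-password list.
COMMON = {"password", "letmein", "qwerty"}


def candidate_forms(password):
    """Lower-case the password, with and without trailing digits, then undo leet."""
    lowered = password.lower()
    stripped = re.sub(r"\d+$", "", lowered)  # "emma1" -> "emma"
    return {form.translate(LEET) for form in (lowered, stripped) if form}


def rejection_reason(password, personal_words=()):
    """Return why the password is refused, or None if it passes this check.

    personal_words holds details known about the account owner (names of
    pets, children, cars); words shorter than three letters are ignored.
    """
    banned = {word: "common password" for word in COMMON}
    for word in personal_words:
        if len(word) >= 3:
            banned[word.lower()] = "personal detail"
    for form in candidate_forms(password):
        for word, why in banned.items():
            if word in form:
                return f"{why}: {word}"
    return None


if __name__ == "__main__":
    owner = ["Rover", "Emma", "Mustang"]  # constructed account details
    for pw in ["r0v3r", "Emma2004", "P@ssw0rd1", "correct horse battery staple"]:
        print(pw, "->", rejection_reason(pw, owner))
```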
 