How do you get people to start using complex password?

Page 2

codeyf

Lifer
Sep 6, 2000
11,854
3
81
No complexity rules at my work, however gp enables the screen saver to come on after 10 min and is password locked.
 

Czar

Lifer
Oct 9, 1999
28,510
0
0
Monkey muppet,
"Pants, what would one do if they forgot their password" - take the first letter of each word = Pww1ditftP
or a line of a song

But man, you are nasty to your users, love it :D Would not want to have you as a network admin if I were a normal worker, but as a network admin myself I would love to work with you :D
 

Kelemvor

Lifer
May 23, 2002
16,928
8
81
We have an older fingerprint scanner thing here but have never been able to find any software that will work with it. Does anyone have anything like that that's free or do you have to buy it from a specific vendor or what?
 

Kilrsat

Golden Member
Jul 16, 2001
1,072
0
0
Another easy way to get a complex password: email addresses of friends.

They're long, include special symbols, and provide easy-to-remember opportunities for capitalization (like the first letter after @, or the person's initials if their name is in the address).
 

Joemonkey

Diamond Member
Mar 3, 2001
8,859
4
0
I already know about group policy and locking down the desktops using screen savers, that isn't a big deal.

I cannot use a biometric scanner as most of the people get in through Citrix and through PDA devices with Exchange ActiveSync.

I am concerned about people like notfred. I know password complexity is a pain, and here they tend to hand hold the older partners who are currently set to have their passwords never expire and everyone in the office knows their password.

I have made sure that management knows there is a very real possibility that someone could become disgruntled, see that the office manager's or managing partner's desktop is not locked while they are away, and jump in there and email all their clients that they are a bunch of stupid fvcks.

The problem is, this is just like keeping good backups. No one cares about the backup until they need it. No one cares about security until something happens that decent security could have prevented. Isn't it something like 70% of all security breaches are internal?

I have seen the "first letter of each word in a sentence" and "line of a song lyric" ideas before, and they are great ideas, but how do I convey this to a 60 year old legal secretary who thinks computers are evil and every time Word locks up it is entirely my fault?
 

Joemonkey

Diamond Member
Mar 3, 2001
8,859
4
0
Originally posted by: Kilrsat
Another easy way to get a complex password: email addresses of friends.

They're long, include special symbols, and provide easy-to-remember opportunities for capitalization (like the first letter after @, or the person's initials if their name is in the address).

that is a decent idea, but pretty easy to crack once you know the pattern (just go through their contacts)
 

BigToque

Lifer
Oct 10, 1999
11,700
0
76
I think a sufficient password for a general office is 7 characters (one of which needs to be a number) and the 6 letters cannot be a word.

Also, password protect the screen after 10 minutes of inactivity.

That should be more than enough.
 

Joemonkey

Diamond Member
Mar 3, 2001
8,859
4
0
Originally posted by: Stefan
I think a sufficient password for a general office is 7 characters (one of which needs to be a number) and the 6 letters cannot be a word.

Also, password protect the screen after 10 minutes of inactivity.

That should be more than enough.

my options are no complexity or 3 of these 4: upper, lower, number, symbol
 

Monkey muppet

Golden Member
Sep 28, 2004
1,241
0
0
Originally posted by: Czar
Monkey muppet,
"Pants, what would one do if they forgot their password" - take the first letter of each word = Pww1ditftP
or a line of a song

But man, you are nasty to your users, love it :D Would not want to have you as a network admin if I were a normal worker, but as a network admin myself I would love to work with you :D

You could have a login script which brings up something similar to this on their screen before you answer the phone.

You can learn a lot from BOFH.
 

Cheesetogo

Diamond Member
Jan 26, 2005
3,824
10
81
Originally posted by: Mr N8
Why not just implement fingerprint scanners? That way, you have a secure login, but they don't have to remember anything. You could let them keep their current password type in combination with them, also.

That seems like a very good idea, it would be easy for everyone and secure.
 

Jzero

Lifer
Oct 10, 1999
18,834
1
0
Originally posted by: Joemonkey
how do I convey this to a 60 year old legal secretary who thinks computers are evil and every time Word locks up it is entirely my fault?

Give her her typewriter back.

Basically implementing security policies almost always comes at the expense of usability in some way. If you want to show people how important this is and how easy it is to guess passwords, get yourself a copy of LC5 and I guarantee you that you will have a load of passwords that can be guessed in under 5 minutes on a fairly average machine.

As long as you don't expire the passwords too often, it is not unreasonable to ask someone with an IQ over 75 to remember a complex password of 6 characters.

At the end of the day you have to get management to decide this is important and to side with you and say "This is how it's going to be. If you can't handle this, perhaps you should seek employment somewhere there are lower standards of intelligence."

 

tami

Lifer
Nov 14, 2004
11,588
3
81
you can do this with windows active directory by imposing certain restrictions on the password (e.g. caps and non-caps, numbers, other characters, etc)
 

DivideBYZero

Lifer
May 18, 2001
24,117
2
0
Originally posted by: notfred
I have a blue sticky note sitting here on my desk with 4 different "complex" passwords written down on it. Actually, it's got about 15, but all the old ones are scribbled out. If you require me to have passwords that change every 60 days, can't repeat old passwords, and have to have a million different requirements, I run out of stuff I can remember pretty quickly.


easy:

Password35

becomes

Password36

etc.

60 day password changes are null and void if you use this system. Our system remembers the last 13 of the buggers, too....
 
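Three ideas in the thread fit together as one check an admin could run at password-change time: Czar's "first letter of each word" mnemonic, the "3 of these 4 classes" rule Joemonkey is limited to, and the Password35 -> Password36 trick DivideBYZero describes that a plain history list never catches. The code below is an added example, not code from any poster or from Windows/Active Directory; the phrase, the sample history and the rule that the first and last word of the mnemonic are capitalised (which is what turns Czar's phrase into Pww1ditftP) are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from typing import List, Sequence, Set

# Constructed mapping so that number words become digits ("one" -> "1"),
# matching how Czar's example turns "one" into "1".
NUMBER_WORDS = {"zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
                "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9"}


def mnemonic(phrase: str) -> str:
    """Build a password from the first letter of each word of a phrase.

    Assumed rules (not from the thread): number words become digits and the
    first and last word are capitalised, everything else is lower case.
    """
    words = re.findall(r"[A-Za-z]+", phrase)
    out = []
    for i, word in enumerate(words):
        lower = word.lower()
        if lower in NUMBER_WORDS:
            out.append(NUMBER_WORDS[lower])
        elif i == 0 or i == len(words) - 1:
            out.append(word[0].upper())
        else:
            out.append(word[0].lower())
    return "".join(out)


def character_classes(pw: str) -> Set[str]:
    """Which of the four classes (upper, lower, digit, symbol) a password uses."""
    classes = set()
    for ch in pw:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def meets_complexity(pw: str, min_length: int = 7, min_classes: int = 3) -> bool:
    """The '3 of 4 classes' rule from the thread, plus a minimum length."""
    return len(pw) >= min_length and len(character_classes(pw)) >= min_classes


def _stem(pw: str) -> str:
    # Drop a trailing run of digits: Password35 and Password36 share the stem "Password".
    return re.sub(r"\d+$", "", pw)


def is_trivial_variant(candidate: str, previous: str, ratio: float = 0.8) -> bool:
    """True when the candidate only bumps a counter or barely edits an old password.

    Two tests: identical stems (case-insensitive) after stripping trailing digits,
    or an overall similarity ratio at or above the threshold.
    """
    same_stem = _stem(candidate).lower() == _stem(previous).lower() and _stem(candidate) != ""
    similar = SequenceMatcher(None, candidate, previous).ratio() >= ratio
    return same_stem or similar


def validate_new_password(candidate: str, history: Sequence[str]) -> List[str]:
    """Return the list of reasons the candidate is rejected (empty means accepted)."""
    problems = []
    if not meets_complexity(candidate):
        problems.append("needs at least 7 characters and 3 of 4 classes")
    for old in history:
        if candidate == old:
            problems.append("reused a password from history")
            break
        if is_trivial_variant(candidate, old):
            problems.append("trivial variant of a previous password")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample: Czar's phrase and a history showing the counter trick.
    phrase = "Pants, what would one do if they forgot their password"
    pw = mnemonic(phrase)                      # "Pww1ditftP"
    history = ["Password35", "Password34"]
    print(pw, character_classes(pw), validate_new_password(pw, history))
    print("Password36", validate_new_password("Password36", history))
```

The variant check can only run against passwords you hold in clear at that moment, in practice the old password the user types during the change, because a stored history (the "last 13" in the post above) is kept as hashes and cannot be compared for similarity.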

Monkey muppet

Golden Member
Sep 28, 2004
1,241
0
0
Originally posted by: Joemonkey
I already know about group policy and locking down the desktops using screen savers, that isn't a big deal.

Good :)

I cannot use a biometric scanner as most of the people get in through Citrix and through PDA devices with Exchange ActiveSync.

Citrix: Is this linked to their NT account to provide the credentials with a 4-digit PIN and an autogenerated keyfob?

PDA: Connected through? WiFi, Bluetooth, Cradles or all three?

I am concerned about people like notfred. I know password complexity is a pain, and here they tend to hand hold the older partners who are currently set to have their passwords never expire and everyone in the office knows their password.

Give them a choice of either computer literacy courses or personnel warnings: Their job description states, quite clearly, Computer Literacy. They signed the contract of employment - it's now a legal document. If they can't honour the contract...well you know the rest.

I have made sure that management knows there is a very real possibility that someone could become disgruntled, see that the office manager's or managing partner's desktop is not locked while they are away, and jump in there and email all their clients that they are a bunch of stupid fvcks.

Give them a mock example (notice the word mock) - this will hammer home the point of how easy it could be to do.

The problem is, this is just like keeping good backups. No one cares about the backup until they need it. No one cares about security until something happens that decent security could have prevented. Isn't it something like 70% of all security breaches are internal?

Me and my army of DAT's are developing a special bond.

75-80%ish, yeah it sounds about right

I have seen the "first letter of each word in a sentence" and "line of a song lyric" ideas before, and they are great ideas, but how do I convey this to a 60 year old legal secretary who thinks computers are evil and every time Word locks up it is entirely my fault?

Tell them computer security means that you have to type in the password to keep the demons from entering her domain - not sure that sounds evil or hellish enough (let me work on that).
 

notfred

Lifer
Feb 12, 2001
38,241
4
0
Originally posted by: Joemonkey
I am concerned about people like notfred. I know password complexity is a pain, and here they tend to hand hold the older partners who are currently set to have their passwords never expire and everyone in the office knows their password.

The thing is, I know full well the security implications of what I'm doing. However, I still prefer the piece of paper to typing in 8 different passwords, all of which are valid for *something* (probably a different machine/app than I'm currently logging into, though), or have been in the past, before I get locked out or finally pick the right one.
 

Jzero

Lifer
Oct 10, 1999
18,834
1
0
Originally posted by: notfred
Originally posted by: Joemonkey
I am concerned about people like notfred. I know password complexity is a pain, and here they tend to hand hold the older partners who are currently set to have their passwords never expire and everyone in the office knows their password.

The thing is, I know full well the security implications of what I'm doing. However, I still prefer the piece of paper to typing in 8 different passwords, all of which are valid for *something* (probably a different machine/app than I'm currently logging into, though), or have been in the past, before I get locked out or finally pick the right one.

They say "Treat your password like a $50 bill. Would you just leave a $50 bill tucked under your keyboard or taped to your monitor? No, you would keep it in your wallet. If you MUST write passwords down, handle and secure them as if they were cash."
 

JoeKing

Lifer
Oct 9, 1999
10,641
1
81
I don't know if this will work with your system, but when I had to admin a new XP-based network for a short time I used this password policy with the employees. And as far as I know they still use this method now.

Tell them not to think of them as passwords, more as pass"phrases". Have them use a semi-short sentence for passwords. Something they can easily remember, but is not obvious. Tell them to write out the phrase they want ahead of time, and to give you a copy.

example:
"Anna was born two years before Nick"
 

JoeKing

Lifer
Oct 9, 1999
10,641
1
81
Originally posted by: Jzero
Originally posted by: JoeKing
Tell them to write out the phrase they want ahead of time, and to give you a copy.

Why would you want a copy?

For when the inevitable idiot forgets to capitalize a name or something.
 

Joemonkey

Diamond Member
Mar 3, 2001
8,859
4
0
Originally posted by: notfred
Originally posted by: Joemonkey
I am concerned about people like notfred. I know password complexity is a pain, and here they tend to hand hold the older partners who are currently set to have their passwords never expire and everyone in the office knows their password.

The thing is, I know full well the security implications of what I'm doing. However, I still prefer the piece of paper to typing in 8 different passwords, all of which are valid for *something* (probably a different machine/app than I'm currently logging into, though), or have been in the past, before I get locked out or finally pick the right one.

I see where you are coming from, but this is ONE password, that they type in when they come in in the morning. Obviously, if we set a 10 minute screensaver lockout, they will have to type it in more times per day. However, as soon as they get used to typing that one password, it will be time to change it.

I cannot use a biometric scanner as most of the people get in through Citrix and through PDA devices with Exchange ActiveSync.

Citrix: Is this linked to their NT account to provide the credentials with a 4-digit PIN and an autogenerated keyfob?

PDA: Connected through? WiFi, Bluetooth, Cradles or all three?

Citrix was only my example of how we cannot use biometrics. If they are signing in to Citrix from home, biometrics would not be possible. We are discussing keyfob RSA IDs.

As far as the PDA goes, I guess a lot of people still don't know what Exchange ActiveSync is... the PDA connects to our Exchange server over cell phone lines and syncs with it either in real time, at set intervals (every 15 minutes, for example), or when you manually tell it to. So a complex password they type in once every 30 days is OK, but the RSA ID would mean every time they want to sync they would have to type in a new password.
 

Jzero

Lifer
Oct 10, 1999
18,834
1
0
Originally posted by: JoeKing
Originally posted by: Jzero
Originally posted by: JoeKing
Tell them to write out the phrase they want ahead of time, and to give you a copy.

Why would you want a copy?

For when the inevitable idiot forgets to capitalize a name or something.

If they forget their password, they have to come to the help desk and put in a new one. Remote users will need a manager to vouch for them. They get a temporary password that must be changed immediately.

You maintaining a record of everyone's password is generally a Bad Idea. Someone could compromise that file or it could be misused, or someone could call you up and say "Hi this is Sally in accounting. I forgot my password...could you give it to me again?" except it's not actually Sally, it's Tonya from the mailroom who got fired last week and is looking for revenge.
 

Joemonkey

Diamond Member
Mar 3, 2001
8,859
4
0
Originally posted by: JoeKing
Originally posted by: Jzero
Originally posted by: JoeKing
Tell them to write out the phrase they want ahead of time, and to give you a copy.

Why would you want a copy?

For when the inevitable idiot forgets to capitalize a name or something.

why wouldn't you just reset it to something and make them change it at next login?
 

JoeKing

Lifer
Oct 9, 1999
10,641
1
81
Originally posted by: Jzero
Originally posted by: JoeKing
Originally posted by: Jzero
Originally posted by: JoeKing
Tell them to write out the phrase they want ahead of time, and to give you a copy.

Why would you want a copy?

For when the inevitable idiot forgets to capitalize a name or something.

If they forget their password, they have to put in a new one.

You maintaining a record of everyone's password is generally a Bad Idea. Someone could compromise that file or it could be misused, or someone could call you up and say "Hi this is Sally in accounting. I forgot my password...could you give it to me again?" except it's not actually Sally, it's Tonya from the mailroom who got fired last week and is looking for revenge.


Ah, good point, I guess it's a good thing I'm no longer administering the system ;). But it was a pretty small company with only 20 employees.
 

Monkey muppet

Golden Member
Sep 28, 2004
1,241
0
0
Originally posted by: Joemonkey
Originally posted by: JoeKing
Originally posted by: Jzero
Originally posted by: JoeKing
Tell them to write out the phrase they want ahead of time, and to give you a copy.

Why would you want a copy?

For when the inevitable idiot forgets to capitalize a name or something.

why wouldn't you just reset it to something and make them change it at next login?

Edited to account for JoeKing's post before mine :)
 

Joemonkey

Diamond Member
Mar 3, 2001
8,859
4
0
Originally posted by: Monkey muppet
Originally posted by: Joemonkey
Originally posted by: JoeKing
Originally posted by: Jzero
Originally posted by: JoeKing
Tell them to write out the phrase they want ahead of time, and to give you a copy.

Why would you want a copy?

For when the inevitable idiot forgets to capitalize a name or something.

why wouldn't you just reset it to something and make them change it at next login?

Edited to account for JoeKing's post before mine :)

Joemonkey's you mean ;)