Password Audit time :)

rsutoratosu

Platinum Member
Feb 18, 2011
2,716
4
81
How many times have you seen this on your network.. here's my password and all my info. I went in to an office, the guy has a wall of passwords on Post-it pads, 4 across and 4 down. It's like they don't even try to hide it.

 

Fingolfin269

Lifer
Feb 28, 2003
17,948
34
91
Most on the business side of an office environment resent the fact that they need 25 different passwords for 25 different systems. They just want one unified password or something that just makes it easier to keep track of (like mentioned above).
 

AstroManLuca

Lifer
Jun 24, 2004
15,628
5
81
If your office requires you to change your password every 3 months, or has all sorts of ridiculous rules (must be 8-12 characters, must contain upper and lowercase letters, must contain a number, may NOT contain special characters, no repeating letters, may not use the same character more than twice, etc.), or requires you to keep a different password for absolutely everything... then yeah, what do you really expect?

Admins who impose those rules think they are improving security when in fact they are doing the exact opposite.
 

crownjules

Diamond Member
Jul 7, 2005
4,858
0
76
If your office requires you to change your password every 3 months, or has all sorts of ridiculous rules (must be 8-12 characters, must contain upper and lowercase letters, must contain a number, may NOT contain special characters, no repeating letters, may not use the same character more than twice, etc.), or requires you to keep a different password for absolutely everything... then yeah, what do you really expect?

Admins who impose those rules think they are improving security when in fact they are doing the exact opposite.

Yes but if the admins don't do that then you get idiot end users using Password1 or Hello123 for their passwords. It's a tricky thing to balance and ideally the end users would understand why password complexity is a necessary thing now.
 

rsutoratosu

Platinum Member
Feb 18, 2011
2,716
4
81
No, our password doesn't change that often: 2x a year, or if we determine someone is highly technical, like another admin leaving, all passwords get changed again. But people keep their personal stuff at work on Post-it pads and in Word documents like that..
 

Abe Froman

Golden Member
Dec 14, 2004
1,065
18
81
We have 6 different passwords, all different lengths, cannot be the same, must include capital letter, symbol, lowercase letters and numbers. Longest is 16 characters, shortest is 8.

They all change at different times; nothing changes together.
 

GoPackGo

Diamond Member
Oct 10, 2003
6,521
597
126
Overly complicated passwords within an internal network should be unnecessary if the admins have good firewalls in place.
 

rudeguy

Lifer
Dec 27, 2001
47,351
14
61
We have 6 different passwords, all different lengths, cannot be the same, must include capital letter, symbol, lowercase letters and numbers. Longest is 16 characters, shortest is 8.

They all change at different times; nothing changes together.

Sounds about like my work. It's so stupid... it's not like I have access to nuclear launch codes.

So I just made a sticky note in Outlook with them all on it. I didn't technically write them down :)
 
Oct 25, 2006
11,036
11
91
I just use a simple password that's similar across all my websites, except I change something at the end unique to each website that's easy to figure out if you know what you're looking for.
 

rsutoratosu

Platinum Member
Feb 18, 2011
2,716
4
81
I used to keep passwords in my iPhone notepad :) just pwd lock the phone and hope I don't lose them
 

ShawnD1

Lifer
May 24, 2003
15,987
2
81
Admins who impose those rules think they are improving security when in fact they are doing the exact opposite.
In the end, it doesn't really matter. The way "hackers" get passwords is so stupid that it's almost insulting. Remember that Kevin Mitnick guy? He would do retarded shit like wear photocopied badges and physically go inside the building. Have a smoke break and talk with people who work there and go back inside with them. Just like that, all of your security systems have been bypassed. People let him inside the building; no hacked keycard needed.

Some of the more recent big hacks are just as dumb.
call the secretary: "hi, i'm blah blah, can you tell me the name of the network admin?"
call the IT people: "hi, this is (network admin) and I'm doing a test on the system, can you send a reset password to (some email account)"
*they send the reset password*
*log in as that person*
*download all of the hashed passwords then start hacking them*

You want in? Just ask. Lots of people will bend over backwards to help a friendly guy on the phone.

Sometimes this dumb shit is needed. I heard one first hand story where a woman was trying to close her husband's phone account. Why? He died. She tried to tell them that a million times over and they just didn't give a shit. You're dead? Well fuck you; you're now a Bell phone customer until the end of time (even after you've died!). She had a guy friend call as her husband and close the account. It's just stupid.
 

Ruptga

Lifer
Aug 3, 2006
10,246
207
106
If the company really cared about security they would install fingerprint or RFID readers at their terminals, so fuck it.
 

rsutoratosu

Platinum Member
Feb 18, 2011
2,716
4
81
My sister's place had a retina scanner to get in the office; she said it was such a hassle to go to the bathroom each time, and you gotta scan in.. just annoying like passwords.
 

JimKiler

Diamond Member
Oct 10, 2002
3,561
206
106
If your office requires you to change your password every 3 months, or has all sorts of ridiculous rules (must be 8-12 characters, must contain upper and lowercase letters, must contain a number, may NOT contain special characters, no repeating letters, may not use the same character more than twice, etc.), or requires you to keep a different password for absolutely everything... then yeah, what do you really expect?

Admins who impose those rules think they are improving security when in fact they are doing the exact opposite.

Totally agreed. Because I have to have a number and special char on all my passwords across systems, and certain special characters are used on one system but not the next, I always end my password with -0 and those are universal. But if I use a different special character and it is not accepted on the next system I am screwed and have to remember multiple variations of the same password, since our admins do not let us change our passwords more than once every 24 or 48 hours. I hear it is 24 but when I try after 24 it still fails.
 

rudeguy

Lifer
Dec 27, 2001
47,351
14
61
If the company really cared about security they would install fingerprint or RFID readers at their terminals, so fuck it.

Right... or even voice authentication. Typed in passwords are more of a menace than anything. Make the hacker steal someone's eyeball or throat, not just guess some random digits.
 

GobBluth

Senior member
Sep 18, 2012
703
45
91
16 char, 2 upper, 2 lower, 2 numbers, 2 special char.

Guaranteed to make users write their passwords down!
 

ShawnD1

Lifer
May 24, 2003
15,987
2
81
If the company really cared about security they would install fingerprint or RFID readers at their terminals, so fuck it.
Same deal with drug tests. Things like cocaine and meth are gone from your system in a week. All your piss test shows is that someone was smart enough to stop taking drugs for a week. If you really wanted their entire drug history, you would get a hair sample. Your hair stores information for weeks or months. As long as your hair is, that's how long your history is. Back in university, we did a test on an alcoholic's hair and we confirmed that you can detect alcoholism for months afterward.
 

rudeguy

Lifer
Dec 27, 2001
47,351
14
61
Same deal with drug tests. Things like cocaine and meth are gone from your system in a week. All your piss test shows is that someone was smart enough to stop taking drugs for a week. If you really wanted their entire drug history, you would get a hair sample. Your hair stores information for weeks or months. As long as your hair is, that's how long your history is. Back in university, we did a test on an alcoholic's hair and we confirmed that you can detect alcoholism for months afterward.

Please tell me you meant the presence of alcohol.
 

SKORPI0

Lifer
Jan 18, 2000
18,500
2,426
136
Workplace requires us to change pw every 3 months. Minimum 8 characters, must have at least 1 uppercase, and numerals. Cannot repeat/reuse previous pw.
I have 3 usernames for different nature of access, so I have to write pw on a sticker and put it on my wallet.
 

Imp

Lifer
Feb 8, 2000
18,828
184
106
...I used to have them on a post it, then transferred them to my sketchbook thing that I usually keep in my bag. Hope I don't lose it...

And I keep all the passwords for my bank accounts and everything else in a small book on my computer table at home.
 

WackyDan

Diamond Member
Jan 26, 2004
4,794
68
91
Admins who impose those rules think they are improving security when in fact they are doing the exact opposite.

They are doing their job. I've seen customers fail audits just because their password length, complexity and age did not meet an industry or partner requirement. You can bet your ass if I owned a company, I wouldn't do business with one that had less security policy in place than my own.
 

mmntech

Lifer
Sep 20, 2007
17,501
12
0
If your office requires you to change your password every 3 months, or has all sorts of ridiculous rules (must be 8-12 characters, must contain upper and lowercase letters, must contain a number, may NOT contain special characters, no repeating letters, may not use the same character more than twice, etc.), or requires you to keep a different password for absolutely everything... then yeah, what do you really expect?

Admins who impose those rules think they are improving security when in fact they are doing the exact opposite.

Ha, three months. Ours is every two. It's a colossal PITA. I try to use strong passwords but I just end up making minor changes to existing ones just because I'm too lazy/can't think up new ones. Which probably makes security worse in the end.