Hong Kong Phooey (World Chat Champion, Joined: 30 Apr 2016)
Posted: 00:08 - 03 Jun 2022

Islander wrote:
> Hong Kong Phooey wrote:
> > Password rules became so convoluted that they have in fact weakened passwords, and to get around this inane "must be this, that and the other", which nobody can remember as they're directed to change them often, people write them down, or save them in a file, so even fucking worse you can now get full access to all apps, rather than guess just one.
>
> I set a policy about 10 years ago that requires unique passwords on reset with a history of, IIRC, 24. We have a minimum length of 10 characters for users and 16 characters for privileged accounts with a requirement for at least one upper case character, one number and a special character. Change frequency is currently 60 days.
> Oh, and we always use MFA for external systems and any time the user isn't on premise.
> That's going to change to longer passwords with a recommendation of the usual 3 or 4 unconnected words and an upper case, a number and special character. The payoff will be that change frequency will be annual. Entropy trumps complexity every time.
> I actively encourage the use of password managers and we offer Keepass on the corporate app store.
> We operate a filter that detects and rejects commonly used easily guessable passwords.
> Passwords are on their way out anyway - biometrics will supersede them.

You're part of the problem.
After x wrong attempts, the account gets locked. What's the issue with passwords like petname2018? Unlikely to be brute forced in 6 tries, is it, and MFA makes this nonsense even more moot.
____________________
'81 CG125, '97 FZS600 : '99 CBR600F4, '09 KTM RC8

UncleFester (World Chat Champion, Joined: 30 Jun 2013): post content not displayed.

Ribenapigeon (Super Spammer, Joined: 20 Feb 2012): post content not displayed.

chickenstrip (Super Spammer, Joined: 06 Dec 2013)
Posted: 11:02 - 03 Jun 2022

Ribenapigeon wrote:
> The Queen's jubilee.

Tell me something I couldn't have guessed.
____________________
Chickenystripgeezer's Biking Life (Latest update 19/10/18)
Belgium, France, Italy, Austria tour 2016
Picos de Europa, Pyrenees and French Alps tour 2017
Scotland Trip 1, now with BONUS FEATURE edit, 5/10/19, on page 2
Scotland Trip 2
Luxembourg, Black Forest, Switzerland, Vosges Trip 2017
THERE'S MILLIONS OF CHICKENSTRIPS OUT THERE!

Ste (Not Work Safe, Joined: 01 Sep 2002)
Posted: 11:52 - 03 Jun 2022

Passphrases are easier to remember than passwords.
Diceware makes nice passphrases. https://diceware.dmuth.org/

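The two technical points so far in the thread, Islander's policy (minimum length, character classes, a blocklist of commonly used passwords, and "entropy trumps complexity") and Ste's Diceware suggestion, can be put side by side in a few lines of Python. This is an added example, not code from the thread, from Islander's organisation or from the Diceware site; `SAMPLE_WORDS` and `COMMON_PASSWORDS` are constructed stand-ins (a real Diceware list has 6^5 = 7776 words, one per roll of five dice, and a real blocklist has many thousands of entries), and `check_policy` is a hypothetical policy checker written to match the rules quoted above.

```python
"""Passphrase vs. password entropy, plus a policy check of the kind
described in the thread. Added example; the word list and blocklist
below are constructed stand-ins, not the real Diceware list or a real
breach-derived blocklist."""
import math
import secrets
import string

# Constructed stand-in for a Diceware word list. The real list has
# 6**5 = 7776 words; entropy is computed from the list size you pass
# in, so this short list only affects the generated output, not the
# numbers reported for a full-size list.
SAMPLE_WORDS = ["anvil", "brisk", "cobalt", "dune", "ember", "flint",
                "gravel", "hollow", "ivory", "jumble", "kettle", "lumen"]
DICEWARE_LIST_SIZE = 6 ** 5  # 7776 words in a standard Diceware list

# Constructed blocklist; a real one would be loaded from a file.
COMMON_PASSWORDS = {"password", "summer2022", "qwerty123", "letmein"}


def roll_dice_word(word_list):
    """Pick one word with a CSPRNG (secrets), the software equivalent of
    rolling five dice and looking the result up in the list."""
    return secrets.choice(word_list)


def make_passphrase(n_words=4, word_list=SAMPLE_WORDS, sep="-"):
    """Join n_words independently chosen words into a passphrase."""
    return sep.join(roll_dice_word(word_list) for _ in range(n_words))


def passphrase_entropy_bits(n_words, list_size=DICEWARE_LIST_SIZE):
    """Entropy of n words chosen uniformly at random from list_size words:
    n * log2(list_size). Four words from 7776 give about 51.7 bits."""
    return n_words * math.log2(list_size)


def random_password_entropy_bits(length, alphabet_size):
    """Entropy of a password whose every character is chosen uniformly at
    random from an alphabet of alphabet_size symbols. This is an upper
    bound: a human-chosen string like petname2018 has far less."""
    return length * math.log2(alphabet_size)


def check_policy(pw, min_len=10, blocklist=COMMON_PASSWORDS):
    """Apply the quoted policy: minimum length, at least one upper case
    letter, one digit and one special character, and reject anything on
    the common-password blocklist (compared case-insensitively).
    Returns the list of failed rules; an empty list means the password
    passes."""
    failures = []
    if len(pw) < min_len:
        failures.append(f"shorter than {min_len} characters")
    if not any(c.isupper() for c in pw):
        failures.append("no upper case character")
    if not any(c.isdigit() for c in pw):
        failures.append("no digit")
    if not any(c in string.punctuation for c in pw):
        failures.append("no special character")
    if pw.lower() in blocklist:
        failures.append("on common-password blocklist")
    return failures


if __name__ == "__main__":
    phrase = make_passphrase(4)
    print("sample passphrase:", phrase)
    print("4 Diceware words (7776-word list): %.1f bits"
          % passphrase_entropy_bits(4))
    print("10 random printable ASCII chars:   %.1f bits"
          % random_password_entropy_bits(10, 94))
    for candidate in ("petname2018", "Summer2022", "Tr0ub4dor&3xyz"):
        print(candidate, "->", check_policy(candidate) or "passes")
```

The point the numbers make is the one Islander states: four random words from a 7776-word list are worth about 51.7 bits, comparable to roughly eight fully random printable characters, and are far easier to remember than ten characters of enforced complexity. The complexity rules alone are satisfied by weak strings (`Summer2022` only fails on the blocklist), which is why the blocklist check matters more than the character-class checks.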
Freddyfruitbat (World Chat Champion, Joined: 20 May 2016)
Posted: 12:19 - 03 Jun 2022

Islander wrote:
> stinkwheel wrote:
> > My OH works for the local GP as a medical secretary/dispenser and finds some of the systems immensely frustrating.
>
> This. GPs typically have multiple systems they need to log in to each morning before surgery, all with different passwords and all with different forced expiry dates. Used to drive my OH absolutely nuts. And of course allegedly might have resulted in passwords being written down all over the place.

When I used to work in Office Land, one thing which used to do my head in was the attitude that the IT folk seemed to have, which was that we all worked for them and had to dance to their tune, rather than them being a service to the company and us all working toward a common aim. Us frontline staff would be working flat out to some deadline or other, sweating our bollocks off typing away desperately trying to make it in time for (eg) 09:00 US time (ie midday-ish UK time), and IT would decide now would be a good time to implement the latest Windows upgrade. No, not overnight, not later this afternoon, right now. No, we can't postpone it. So you'd sit there sweating, rapping your fingers on the desk with a sick feeling in your stomach, waiting, waiting, waiting while your machine switched off, rebooted, and did its "% complete" thing for as long as it took.
Many examples of this stuff, but that was the worst...
____________________
KC100->CB100N->CB250RS--------->DL650AL2->R1200RS->R1250RS

Islander (World Chat Champion, Joined: 05 Aug 2012): post content not displayed.

Islander (World Chat Champion, Joined: 05 Aug 2012): post content not displayed.

Islander (World Chat Champion, Joined: 05 Aug 2012)
Posted: 13:21 - 03 Jun 2022

Exactly.

Ste (Not Work Safe, Joined: 01 Sep 2002)
Posted: 13:27 - 03 Jun 2022

The chances of anyone going to the effort of looking up on Facebook to find your pet's name or the name of your first pet or whatever other detail that's there for anyone to read are pretty much zero.
But maybe they've used the brand and model of their first car rather than anything to do with the name of a pet.
Then again they could have used the name of the town they grew up in.
And so on and so on.
Then all possible combinations of four digit numbers need to be tried. Overall it's a lot more hassle than credential stuffing using thousands or millions of email addresses and passwords from a data breach to get all the people who reuse passwords.
People who're careless with their passwords and people who reuse passwords on multiple sites, regardless of how long and complicated the password is, are more vulnerable than people who use really simple passwords but don't reuse the same passwords for anything that's of any importance.

stinkwheel (Bovine Proctologist, Joined: 12 Jul 2004)
Posted: 13:30 - 03 Jun 2022

Freddyfruitbat wrote:
> Us frontline staff would be working flat out to some deadline or other, sweating our bollocks off typing away desperately trying to make it in time for (eg) 09:00 US time (ie midday-ish UK time), and IT would decide now would be a good time to implement the latest Windows upgrade. No, not overnight, not later this afternoon, right now. No, we can't postpone it. So you'd sit there sweating, rapping your fingers on the desk with a sick feeling in your stomach, waiting, waiting, waiting while your machine switched off, rebooted, and did its "% complete" thing for as long as it took.

Ahh. I'd go and loiter about in their office with a mug of tea, dropping biscuit crumbs on the carpet and engaging anyone who'd listen in inane and irrelevant conversation. I might even take a seat with me, just waiting for any snark about not having anything better to do.
I did this a few times when I was working for DEFRA during foot and mouth, although more often because nobody in admin had bothered to send the day's jobs down to the vets' office (because they were "busy" with something they considered more important while 50 people were sitting about doing nothing elsewhere). Loitering in someone's office being a disturbance and exuding an air of not planning to go away any time soon is a good way to get decisions made and things done.
____________________
"Rule one: Always stick around for one more drink. That's when things happen. That's when you find out everything you want to know."
I did the 2010 Round Britain Rally on my 350 Bullet. 89 landmarks, 3 months, 9,500 miles.

Islander (World Chat Champion, Joined: 05 Aug 2012)
Posted: 13:48 - 03 Jun 2022

Ste wrote:
> The chances of anyone going to the effort of looking up on Facebook to find your pet's name or the name of your first pet or whatever other detail that's there for anyone to read are pretty much zero.
> But maybe they've used the brand and model of their first car rather than anything to do with the name of a pet.
> Then again they could have used the name of the town they grew up in.
> And so on and so on.
> Then all possible combinations of four digit numbers need to be tried. Overall it's a lot more hassle than credential stuffing using thousands or millions of email addresses and passwords from a data breach to get all the people who reuse passwords.
> People who're careless with their passwords and people who reuse passwords on multiple sites, regardless of how long and complicated the password is, are more vulnerable than people who use really simple passwords but don't reuse the same passwords for anything that's of any importance.

Nonetheless, Arsebook and the like are a source of valuable information and are used to gather intelligence by threat actors.
You're spot on with credential stuffing attacks, which is why savvy organisations use education and awareness programmes to keep staff informed of the threats - which include their own high value systems as well as the business systems.
We operate a no-blame system. If a staff member cocks up and lets us know straight away, they're thanked for their honesty and that's as far as it goes. We fix the issue and move on - although we may update future security bulletins and training. The result of this is people let us know when the slightest thing is amiss, and they're also highly aware of the risks of unsolicited links, attachments, etc. We train them to take their knowledge away from the workplace and apply it at home.
We get more incidents from poxy email address autocomplete than we do from malware and other scam attempts. And yes, I've been fighting to get it switched off.

Freddyfruitbat (World Chat Champion, Joined: 20 May 2016): post content not displayed.

stinkwheel (Bovine Proctologist, Joined: 12 Jul 2004)
Posted: 17:11 - 03 Jun 2022

I have wondered how much money is wasted annually by staff coming in in the morning, turning on their PC and spending the next 15 minutes fucking about waiting for a Windows update to finish doing whatever the fuck it is Windows does that takes 15 minutes to achieve with access to the full processing power of a 4.6GHz quad-core processor.
____________________
"Rule one: Always stick around for one more drink. That's when things happen. That's when you find out everything you want to know."
I did the 2010 Round Britain Rally on my 350 Bullet. 89 landmarks, 3 months, 9,500 miles.

UncleFester (World Chat Champion, Joined: 30 Jun 2013): post content not displayed.

Islander (World Chat Champion, Joined: 05 Aug 2012): post content not displayed.

Polarbear (Super Spammer, Joined: 24 Feb 2007)
Posted: 19:08 - 03 Jun 2022

It was still a pain to update the password every month AND it wasn't just the PC. We had those stupid BlackBerry phones which were password locked, and woe betide you if you got the password wrong 3 times as resetting it was an utter sf1tfest.
PLUS
we had a duty superintendent's phone that had a different number that all our fleet used to call when there were serious, out of hours issues, and guess what, that password was changed every month as well, so you got the phone with a sticky label on the back with the password written on it.
Security my arse.
____________________
Triumph Trophy Launch Edition

Islander (World Chat Champion, Joined: 05 Aug 2012): post content not displayed.

Islander (World Chat Champion, Joined: 05 Aug 2012): post content not displayed.

stinkwheel (Bovine Proctologist, Joined: 12 Jul 2004)
Posted: 20:11 - 03 Jun 2022

I think more places should use web mail. I reckon on-site email is how much of the shite gets into systems. I don't use an email server at home; I'm happy for my viruses to stay on Google's servers.
There again, I don't use Windows at home either and frankly, I'm glad of it after using it at work, because just about everything about it grinds my gears. Most recently it "autocorrecting" foreign language sections on a bilingual document. So French words that are very similar to English ones were "autocorrected" to the English version.
Although there is an upside, because they are quite happy to give me one of their old PCs minus the hard drive when they change them out, because the new version of Windows that does everything more slowly and less effectively than the previous version won't run on them.
Seems to me that the stuff you use PCs most for, like word processing and spreadsheets, works no better than it did when I first started using them in the early 90s, yet seems to take a load more faffing and use 100x the processing power.
____________________
"Rule one: Always stick around for one more drink. That's when things happen. That's when you find out everything you want to know."
I did the 2010 Round Britain Rally on my 350 Bullet. 89 landmarks, 3 months, 9,500 miles.

Islander (World Chat Champion, Joined: 05 Aug 2012): post content not displayed.

Robby (Dirty Old Man, Joined: 16 May 2002)
Posted: 20:48 - 03 Jun 2022

Islander wrote:
> We use Azure and M365 for email and, to be honest, the biggest benefit of that from a security perspective is that Microsoft deal with updates and patching. They also malware scan of course and that's beneficial, but anti-malware of any type only works against known issues. Put a zero day package on and it'll probably be missed.

It also works nice if you have the full kool aid stack with W10, Defender for Endpoint, Intune and Sentinel. Then when malware does sneak through and get picked up afterwards, you can deal with it.
Not a big concern for home users browsing BCF, but useful with ~100k users.
Likewise for passwords. If everyone just followed the simple advice and chose strong, individual passwords, we could leave them alone and not have to have rules, enforced rotation, or even MFA. That doesn't happen; there will always be a handful of people whose password right now is Summer2022.

Polarbear (Super Spammer, Joined: 24 Feb 2007): post content not displayed.

hellkat (Super Spammer, Joined: 12 Jul 2004): post content not displayed.

Polarbear (Super Spammer, Joined: 24 Feb 2007): post content not displayed.
