Current Events > we use the most insanely ridiculous password system at work

(+) Yeah! (+)

you log in to the main application using only a password, no username. when creating a password, you enter 5 characters of your choice, then the program generates an additional three characters for you. it resets every month, and you cannot repeat that same sequence of 5 characters at all within a 24 month period. that 8 letter "password" is your sole identifier

I like the system we use better: "how about you take responsibility for sharing your password since you're using cloud based accounts. And if it's a Windows PC and you leave your door unlocked, you're responsible if people do stupid shit. Same if you leave yourself logged in."

Seems to work.

This is why work PCs can be "hacked" by simply flipping over the keyboard.

Ours is set up to where each time you change a password you gave to add 1 more character. I'm up to 10 so far...
---

ToonLinkWithGun posted...

Ours is set up to where each time you change a password you gave to add 1 more character. I'm up to 10 so far...

That sounds like a bad time.
---

Questionmarktarius posted...

This is why work PCs can be "hacked" by simply flipping over the keyboard.

most of the security features of this application are designed to prevent the end user from using unauthorized third party programs and interfaces. they want you to pay out the nose (monthly, of course) for their expansion modules. so they do all sorts of arbitrary things like limit your login to one instance on one computer at any given time, and then relays every keystroke or mouse click back to a central server, which uses rate limiting to determine whether you're a human or a bot. this makes the interface extremely slow, but hey - at least you're not "cheating"

Baneposting posted...

I like the system we use better: "how about you take responsibility for sharing your password since you're using cloud based accounts. And if it's a Windows PC and you leave your door unlocked, you're responsible if people do stupid shit. Same if you leave yourself logged in."

Seems to work.

That is a fast ass way to destroy a company.
---

Forced monthly password changes just result in a lot of passwords like "April2017," "May2017,' etc.
---

Mernardi posted...

ToonLinkWithGun posted...

Ours is set up to where each time you change a password you gave to add 1 more character. I'm up to 10 so far...

That sounds like a bad time.

Yeah. I asked the our IT guy about it and his response was, "That's the way I want it."

IT...
---

Uh, 8 letter password is really weak O_o
---

ToonLinkWithGun posted...

Mernardi posted...

ToonLinkWithGun posted...

Ours is set up to where each time you change a password you gave to add 1 more character. I'm up to 10 so far...

That sounds like a bad time.

Yeah. I asked the our IT guy about it and his response was, "That's the way I want it."

IT...

So is there a maximum password length?
---

uwnim posted...

ToonLinkWithGun posted...

Mernardi posted...

ToonLinkWithGun posted...

Ours is set up to where each time you change a password you gave to add 1 more character. I'm up to 10 so far...

That sounds like a bad time.

Yeah. I asked the our IT guy about it and his response was, "That's the way I want it."

IT...

So is there a maximum password length?

I don't know. I held down a key once and it went forever...so...
---

ToonLinkWithGun posted...

uwnim posted...

ToonLinkWithGun posted...

Mernardi posted...

ToonLinkWithGun posted...

Ours is set up to where each time you change a password you gave to add 1 more character. I'm up to 10 so far...

That sounds like a bad time.

Yeah. I asked the our IT guy about it and his response was, "That's the way I want it."

IT...

So is there a maximum password length?

I don't know. I held down a key once and it went forever...so...

Lol, so I guess eventually the passwords get so long the workers have to quit cause they can't ever remember their password.
---

uwnim posted...

Lol, so I guess eventually the passwords get so long the workers have to quit cause they can't ever remember their password.

it's an ingenious solution that gets the higher paid tenured employees to leave so they can be replaced with fresh meat at lower wages

My job we all have an RSA that generates 6 random numbers for each login.
---

Dude... What's with people in IT thinking something super random but super short is secure?
---

MutantJohn posted...

Dude... What's with people in IT thinking something super random but super short is secure?

Cause you gotta work with people who are too dumb to memorize a 12 character password, and forcing them to change it monthly is hard enough. And then trying to force them to not write it down just gets the firing and rehiring process in a huge never ending cycle.
---

KiwiTerraRizing posted...

My job we all have an RSA that generates 6 random numbers for each login.

our software predates the concept of cybersecurity lol. it's basically an old AS/400 program that had a GUI created over the years. you can still get to the text backend if necessary

Ours is set up to where each time you change a password you gave to add 1 more character. I'm up to 10 so far...

I've never had this restriction imposed but I used to do it for sake of not memorizing a whole new password every so often.

I just retired a password that was 19 characters long. Naturally, I decided it was time to start over.
---

treewojima posted...

Questionmarktarius posted...

This is why work PCs can be "hacked" by simply flipping over the keyboard.

most of the security features of this application are designed to prevent the end user from using unauthorized third party programs and interfaces. they want you to pay out the nose (monthly, of course) for their expansion modules. so they do all sorts of arbitrary things like limit your login to one instance on one computer at any given time, and then relays every keystroke or mouse click back to a central server, which uses rate limiting to determine whether you're a human or a bot. this makes the interface extremely slow, but hey - at least you're not "cheating"

It's even easier than that.
Turn the keyboard over. There's a pretty good chance the password is written on a post-it stuck underneath.

Questionmarktarius posted...

It's even easier than that.
Turn the keyboard over. There's a pretty good chance the password is written on a post-it stuck underneath.

my coworker in accounting keeps her sticky note on the monitor. it's "dino7coq" lol

MutantJohn posted...

Dude... What's with people in IT thinking something super random but super short is secure?

No one in IT thinks that's actually a good way to do it, but like that other user said, other people are usually too dumb/incompetent to use anything better.

Personally, I use a 56-character nonsensical sentence for my passwords.

My job I've been working at for 13 years made it so you can never use the same password again, and you need to change it every 3 months.
---

I'm generally all for more password security but there comes a point where you're just like "come on, nobody gives this much of a shit".

Like when I signed up to some random message board or something and it required a 12 digit password with one capital letter, 2 numbers and a special character. Seriously, no one will ever remember that password.
---

pinky0926 posted...

Like when I signed up to some random message board or something and it required a 12 digit password with one capital letter, 2 numbers and a special character. Seriously, no one will ever remember that password.

It's also not as "secure" as whoever is mandating it seems to think.
https://xkcd.com/936/

Questionmarktarius posted...

pinky0926 posted...

Like when I signed up to some random message board or something and it required a 12 digit password with one capital letter, 2 numbers and a special character. Seriously, no one will ever remember that password.

It's also not as "secure" as whoever is mandating it seems to think.
https://xkcd.com/936/

There's always a relevant xkcd!! I'll be sure to use this next time I have this argument with someone.
---

pinky0926 posted...

Questionmarktarius posted...

pinky0926 posted...

Like when I signed up to some random message board or something and it required a 12 digit password with one capital letter, 2 numbers and a special character. Seriously, no one will ever remember that password.

It's also not as "secure" as whoever is mandating it seems to think.
https://xkcd.com/936/

There's always a relevant xkcd!! I'll be sure to use this next time I have this argument with someone.

That comic is actually why I have a nonsensical sentence as my password.

Mikablu posted...

pinky0926 posted...

Questionmarktarius posted...

pinky0926 posted...

Like when I signed up to some random message board or something and it required a 12 digit password with one capital letter, 2 numbers and a special character. Seriously, no one will ever remember that password.

It's also not as "secure" as whoever is mandating it seems to think.
https://xkcd.com/936/

There's always a relevant xkcd!! I'll be sure to use this next time I have this argument with someone.

That comic is actually why I have a nonsensical sentence as my password.

Yup. Don't use real words otherwise you open yourself up to dictionary attacks where random words from a dictionary are permuted.
---

Be sure to throw in a word like covfefe in your sentence for good measure.
---