The Glade 4.0

We may be cave trolls, but who do you have to call to reset your goddamn password?

_________________

Holy shitsnacks!

Maybe it has something to do with being asked to input an old password that you're not supposed to write down every so often, as specified in the OP, or when you have to have multiple passwords for multiple systems that have different requirements that you're also not supposed to write down and also have to be changed at different intervals.

Not that this is the fault of the IT people, but it's not the fault of the person needing help, either. Yeah, ok, people call up sometimes asking dumb questions. Get over it. Everyone says dumb **** from time to time. It's not because IT people are smart and the world around them is stupid. Shuyung illustrated the problem earlier; password requirements are silly and create this sort of problem. Most people can't even remember a phone number without writing it down or saving it in their phone.

_________________
"Hysterical children shrieking about right-wing anything need to go sit in the corner and be quiet while the adults are talking."

All I'm saying is step out of the cave and stop hating people. Or not.

It generally seems to be a mutual disdain, which I get.

Two-factor authentication. We've solved this problem, people need to get on board.

_________________

I'll stop hating people when they stop being willfully ignorant, self-entitled, cockbags.

_________________

Holy shitsnacks!

I don't really see that needing a password reset because some jackwagon decided that you need to remember your old password, or because the system decided your "activity pattern" changed really falls under "entitlement", especially when you need it to do your work.

_________________
"Hysterical children shrieking about right-wing anything need to go sit in the corner and be quiet while the adults are talking."

If this is the thing you were talking about in the cartoon earlier, that is awesome. Why no one seems to do that is beyond me.

_________________
"Hysterical children shrieking about right-wing anything need to go sit in the corner and be quiet while the adults are talking."

It's not. The thing in the XKCD comic is simply an observation on password strength.

Passwords are still only one authentication factor, no matter how strong they are.

I'm really rather surprised that you're not familiar with 2-factor authentication. I would have thought that it's in common use, if not required, in our military.

Two-factor authentication combines two different types of authentication to help mitigate the risk of any one factor being compromised. The most common implementations of two-factor authentication are cards or dongles issued to individuals plus their password. WoW keychain/phone authenticators are an example.

The easy way to remember authentication types are: Something you have, Something you are, and Something you know.

_________________
"Aaaah! Emotions are weird!" - Amdee
"... Mirrorshades prevent the forces of normalcy from realizing that one is crazed and possibly dangerous. They are the symbol of the sun-staring visionary, the biker, the rocker, the policeman, and similar outlaws." - Bruce Sterling, preface to Mirrorshades

Ahh, ok. I guess I did know that, it just didn't "click" for some reason. I thought the 4-word password thing was so cool, I guess I just fixated on that.

In that case, yes it actually is in use. You have your ID card which has a chip on it. Then, you put it in a computer slot and type in a PIN. You could even think of it as 3-factor since you have to have a computer with the right kind of slot and the software to make the card work too. It can be installed on a home computer too, which is really handy. My unit administrator can prepare forms I need to sign, e-mail them to me, and then I digitally sign and send them back. It saves me a 45-minute drive to the unit, and her a lot of time.

The card reader itself is a pain, though. You either have to be issued one or special order it; They don't sell them in office supply stores last I checked (and I did actually look for one at one point, because the first one I was issued had all the instructions in German.)

_________________
"Hysterical children shrieking about right-wing anything need to go sit in the corner and be quiet while the adults are talking."

Its the behavior when requesting the password reset that determines the entitlement, not the need for the reset in and of itself.

_________________

Holy shitsnacks!

I think you're confusing "douchebag" with "entitled".

_________________
"Hysterical children shrieking about right-wing anything need to go sit in the corner and be quiet while the adults are talking."

It can be both.

_________________

Holy shitsnacks!

People get annoyed when the IT person forces them to waste time on stuff like "reboot the computer" and "check the connections" despite the fact that the password reset problem is by far the most common thing people from our department call them about combined with the fact that they have the ability to quickly check if the account is locked. If the account is locked, you're going to have to fix that anyways even if **** isn't plugged in. Why can't we do this first and then go to rebooting the computer if that doesn't solve the problem? Instead, you're just reading items off a list without any respect for the guy on the other side. At the very least, you could check the account status while my computer is rebooting, but the vast majority of the time they won't even do that, we have to get through all the time-wasting before they'll deign to actually do it.

maybe they're punishing you for forgetting your password all the $#%#$ time. Given the burst of the IT bubble, you probably have CCNAs etc, making about 1/5th of what they used to, manning the help desk, and they're having to babysit a bunch of overpaid dilettantes who can't be troubled to manage their own passwords.

As I've said before, the polar opposite of security is accessibility. The more secure you make something, the harder it is to get at, even for those you want to have it. Why don't I have sixteen locks on my front door? Because it's more of a pain in my butt to unlock and re-lock them every day than my situation warrants. I don't recall what you do, but odds are you have access to financials and other sensitive customer information on your network and if your company were to have an issue, it would severely hurt their (and by extension your) bottom line. As a result the IT powers that be have decided (right or wrong) on more security and less accessibility than you would like.

The other thing I learned in my school IT days, was the nicer I was to other departments, and the better I served them, the better they were when I needed something from them. I don't know if IT ever needs anything from your department, but if you are good to them, they will remember it down the road. Conversely, if you are seen as a "Problem Child" (rightly or wrongly), word gets around and it reflects the service you receive.

_________________
I prefer to think of them as "Fighting evil in another dimension"

Keepass
Lastpass

Can we all just agree to quit ***** about remembering passwords now?

I don't even know what any of my passwords are...

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.

Heh, I would probably be fired immediately if I were to install anything on any of these computers without getting authorization in advance. Even opening internet explorer and visiting a non-intranet website would probably get me in trouble.

When the computers have access to medical records, someone in IT gives the go ahead to be as hardcore and obstructive as possible. We recently had an incident where two lab assistants installed Pandora on one of the computers to listen to music. They said that their manager said they could do it, their manager insisted they were asking him about listening to regular radio, not internet radio. Corporate's response when they couldn't figure out the truth? Just fire all three of them. In a rare case of a union actually doing something constructive, the lab assistants' union basically said, "This is bullshit, you're not firing them." They kept their jobs, the manager was still fired. I'm not in a union, so I'd have no protection.

My suggestion, BTW is to just ignore that idiots saying don't write it down, and write the damn password down. How are they going to know? Do they search your wallet when you come in?

_________________
"Hysterical children shrieking about right-wing anything need to go sit in the corner and be quiet while the adults are talking."

Oh, I definitely write them down. Well, I keep them in my phone. Most others write them down too. It just baffles me how someone can sit down and write up requirements that they have to know will never be followed.

It's so that, when your written down password results in an information breach, they and their superiors don't get their asses handed to them in court by the victims. You're the one who violated policy.

As for IT giving the "go ahead to be as hardcore and obstructive as possible"... I guarantee it's HIPAA you get to thank for that, rather than overzealous sadists in IT. Honestly, I'm rather amazed that a lab computer could even access Pandora through the firewall.

_________________
"Aaaah! Emotions are weird!" - Amdee
"... Mirrorshades prevent the forces of normalcy from realizing that one is crazed and possibly dangerous. They are the symbol of the sun-staring visionary, the biker, the rocker, the policeman, and similar outlaws." - Bruce Sterling, preface to Mirrorshades

I have to dispute XKCD in this case. If we recommended words in that nature, while amusing, the brute force tools would just be programmed to do the dictionary part first. Some tools are quite sophisticated. The increasing power of PCs, makes passwords a poor security safeguard regardless. It's still a best practice.

Even the 2-factor isn't foolproof. No security is. The CACs have already been broken. If someone wanted to get into your network and they had the know how, they'd do it from a hotel just off base. We make it hard enough that not just any script-kiddy can download a tool box and break in. The rest rely on detection tools and good management.

I'm glad they are hardcore about peoples medical info security. YMMV.

Unfortunately, some folks just don't have the people skills needed to talk to users/customers. They don't speak the same professional language as us, so you have to work out what is really going on. A lot of the AF guys don't know enough about... anything to know what questions to ask.

_________________
"...the line dividing good and evil cuts through the heart of every human being. And who is willing to destroy a piece of his own heart?" -Aleksandr Solzhenitsyn

IT isn't a cost center btw.

_________________
"...but there exists also in the human heart a depraved taste for equality, which impels the weak to attempt to lower the powerful to their own level and reduces men to prefer equality in slavery to inequality with freedom." - De Tocqueville

Sure it is. Does it generate revenue? No. So it's a cost center. There are only two types of units in the organizational breakdown I'm talking about: cost centers and revenue centers.

_________________
“The duty of a patriot is to protect his country from its government.” - Thomas Paine

So if an IT project increases productivity of workers by 15% which results in $10 million additional revenue, are they a cost center or revenue?

They're always a cost center. IT does not produce revenue directly.

_________________

Holy shitsnacks!