Announcement

Collapse
No announcement yet.

Is Your Password Safe Enough?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #16
    Originally posted by Duke{CLR} View Post
    I have to do mine 4 times a year. I end my PW in 01 for the firs quarter and capitalize the first letter. Then in quarter 2 end it in 02 and capitalize the second letter..... You could do the same 6 times and be fine.
    There are six quarters in a year?
    Apache

    Where do you put the Bayonet?
    Chesty Puller (upon seeing a flamethrower for the first time)
    I am all in favor of keeping dangerous weapons out of the hands of fools. Lets start with typewriters.
    Frank Lloyd Wright

    Comment


      #17
      You could hack most of the USAF's passwords after you've been in for about a year. There are certain tricks that we all use to remember our passwords, it's just finding that starting point that is key. lol
      [IMG]http://img.photobucket.com/albums/v491/echosofbliss/seiko8wy.gif[/IMG]

      Comment


        #18
        Originally posted by Apache Warrior View Post
        There are six quarters in a year?
        Apache
        The six refers to Rands policy, we have the quarterly one.
        [img]https://farm5.staticflickr.com/4373/35734799443_53cb20ef13_z.jpg[/img]


        Killed by CLRs since 2004. WOOT!
        Support Cainslair. Donate here! [url]http://www.cainslair.org/billspaypal.php?[/url]

        Comment


          #19
          I missed this article last time around. Funny part is we were just talking about this at work.

          We have a new hire who started today who leaned into my office and says "psst. Hey can I ask you a question- keeping in mind I am not trying to sound like an ----ole?"
          "sure" i said.
          "Okay, seriously now- how many @!#% passwords can I expect to have? I get on the call and I get my HR password, then in orientation I get my Sales password, then I get my Product Center password, my (company censored) password, Citrix password, my Salesforce.com password, and my Aetna password. Are we even close to done? I have another call in 40 min and I am sitting here wondering what the @!#%"

          I smirk and wave him in and around my desk, where I pull up an encrypted worksheet that I have hidden in plain sight on my desktop - complete with a fake icon label.

          It opens and he says "HOLY !%@# what is that?"
          I say "THAT my new friend, is what 27 system passwords look like, not including the 3 it takes to log in which I remember"



          He was seriously deer in headlights at that point. I love picking on people who have a firehose full of information in their mouth spraying all wildly.

          So anyways- I always game my passwords so that I end up spending half the day memorizing them. If I can remember them after I invent them, I get paranoid and try to do something more original. Ironically, I only have to refer to that password sheet a few times a month when a system I never log into needs my attention.

          Comment


            #20
            Originally posted by mapes View Post
            The thing is is the way password policy is enforced. Here at work our domain login password policy forces us to change our password every six months and it has to follow a rule of upper/lower case, symbol, length and uniqueness. This is totally annoying. I can't come up with a password that fits that rule and expect to remember it every six months. So what I do is have password that fits the rule with a number at the end. Every six months I then increment the number. How does this rule prevent a brute force attack. I mean basically the hacker just has to wait a couple more seconds. Personally I like RSA but. whatever.
            The password changing is the main thing I disagree with in the security community. Being a CISSP myself I understand it's goes against everything there are teaching, but what they don't realize is the most important thing is creating a strong password. Changing the password on a constant basis doesn't make an account more secure it only creates a natural reaction in the user community, animosity. This directly negates what they are trying to do which is make the user account more secure. It frustrates users and increases the chance of them leaving a written password laying around the computer area. If they would use some common sense, enforce strong passwords and backoff the frequency of password changing I think they would find they would decrease frustration and retain a level of security they are trying to obtain.

            If you guys think your password restrictions are fun, you should try the DoD communities policy. The same password requirements we've been talking about here, plus 14 length passwords in some cases and changing it every 64 days with a password history of 12 to 24 of the last passwords remembered and an added bonus of having to make at least 3 characters different.
            [IMG]http://thepebkac.net/images/sigs/Outdoors_sig.jpg[/IMG]
            Like the community? Donate here:
            [URL="http://www.cainslair.com/misc.php?do=donate"]http://www.cainslair.com/misc.php?do=donate[/URL]

            Comment


              #21
              The password protecting Druidia's precious atmosphere is 12345, and dangit, that's good enough for me.

              -Rand
              [img]https://farm5.staticflickr.com/4333/35734799273_0013dbe418_z.jpg[/img]

              Killing CLRs since 2004. BOOSH!
              Support Cainslair. Donate here! [url]http://www.cainslair.org/billspaypal.php?[/url]

              Comment


                #22
                Originally posted by DougBob View Post
                If you guys think your password restrictions are fun, you should try the DoD communities policy. The same password requirements we've been talking about here, plus 14 length passwords in some cases and changing it every 64 days with a password history of 12 to 24 of the last passwords remembered and an added bonus of having to make at least 3 characters different.

                I'm surprised they don't use RSA tokens?

                Comment


                  #23
                  Originally posted by mapes View Post
                  I'm surprised they don't use RSA tokens?
                  Personal Certificates are required in the unclassified .mil community via smart cards and readers, but the DoD contractors haven't caught up with that.
                  [IMG]http://thepebkac.net/images/sigs/Outdoors_sig.jpg[/IMG]
                  Like the community? Donate here:
                  [URL="http://www.cainslair.com/misc.php?do=donate"]http://www.cainslair.com/misc.php?do=donate[/URL]

                  Comment


                    #24
                    Originally posted by DougBob View Post
                    Personal Certificates are required in the unclassified .mil community via smart cards and readers, but the DoD contractors haven't caught up with that.
                    Correction, also used with sensitive and certain classified documents now as well. With the move to sharepoint came a lot of this stuff.
                    [IMG]http://img.photobucket.com/albums/v491/echosofbliss/seiko8wy.gif[/IMG]

                    Comment


                      #25
                      Originally posted by Rand{CLR} View Post
                      The password protecting Druidia's precious atmosphere is 12345, and dangit, that's good enough for me.

                      -Rand
                      YouTube - Broadcast Yourself.
                      [img]https://farm5.staticflickr.com/4373/35734799443_53cb20ef13_z.jpg[/img]


                      Killed by CLRs since 2004. WOOT!
                      Support Cainslair. Donate here! [url]http://www.cainslair.org/billspaypal.php?[/url]

                      Comment


                        #26
                        Originally posted by {CLR}geneSW View Post
                        Correction, also used with sensitive and certain classified documents now as well. With the move to sharepoint came a lot of this stuff.
                        LOL, agreed, I just try not to mention what our other community is doing
                        [IMG]http://thepebkac.net/images/sigs/Outdoors_sig.jpg[/IMG]
                        Like the community? Donate here:
                        [URL="http://www.cainslair.com/misc.php?do=donate"]http://www.cainslair.com/misc.php?do=donate[/URL]

                        Comment


                          #27
                          Originally posted by Duke{CLR} View Post

                          Comment

                          Cain's Lair Forums Statistics

                          Collapse

                          Topics: 26,187   Posts: 269,850   Members: 6,183   Active Members: 6
                          Welcome to our newest member, Fermin13Q.

                          Today's Birthdays

                          Collapse

                          There are no members with birthdays today.

                          Top Active Users

                          Collapse

                          There are no top active users.

                          More Posts

                          Collapse

                          • Reply to Hi guys!
                            by Evil_T0NY {CLR}
                            I've been Alpha and will be Beta testing the Delta Force game. It's been really getting good reviews! Definitely a good Battlefield feel to it like the...
                            14 Nov 2024, 08:50 PM
                          • Reply to Hope your all OK over there
                            by Apache Warrior
                            We had 17 inches of rain from the storm on November 7, 2024.
                            Apache
                            11 Nov 2024, 07:55 AM
                          • Reply to Hope your all OK over there
                            by Sirex
                            Aye, I'm inclined to agree with that lmao
                            Gone are the days of warm summers and snow filled winters here, nothing but rain and wind for 8mths of...
                            10 Nov 2024, 08:53 PM
                          • Reply to Hope your all OK over there
                            by Apache Warrior
                            Now we have had a lot of flooding in this area and there are still a lot of houses that have not been repaired. Must be the apocalypse.
                            ...
                            8 Nov 2024, 09:23 AM
                          Working...
                          X