|
Volmarias posted:I'm morbidly curious how you're doing this. We just get each user to email us their password and then compare them against a list of common passwords EAT THE EGGS RICOLA fucked around with this message at 22:23 on Sep 22, 2013 |
#
?
Sep 22, 2013 17:02
|
|
|
|
| # ? Apr 27, 2024 16:18 |
|
|
EAT THE EGGS RICOLA posted:We just get each user to email us their password and then church them against a list of common passwords I hope everyone that actually mails you their password instantly loses and/or gets sacked for failing to observe proper security protocols.
|
|
#
?
Sep 22, 2013 18:34
|
|
|
EAT THE EGGS RICOLA posted:We just get each user to email us their password and then church them against a list of common passwords Jesus Christ, I knew not to do that before I ever had my first account that required a password anywhere. Which leads me to this: What's the bigger test, whether they send you their password or whether it's on your list? What happens if they DON'T send you their password?
|
|
#
?
Sep 22, 2013 18:42
|
|
|
Honestly, I figured the actual drawing was "anyone who doesn't email us their password".
|
|
#
?
Sep 22, 2013 18:56
|
|
|
EAT THE EGGS RICOLA posted:We just get each user to email us their password and then church them against a list of common passwords  Somehow I would have preferred brute-force as the answer.
|
|
#
?
Sep 22, 2013 18:59
|
|
|
I'm kidding, we just try and bruteforce them using L0pthcrack. People seem almost desperate to email or tell me their passwords though.
|
|
#
?
Sep 22, 2013 19:14
|
|
|
EAT THE EGGS RICOLA posted:I'm kidding, we just try and bruteforce them using L0pthcrack. People seem almost desperate to email or tell me their passwords though. Well played  Does anyone know of a video conferencing setup that plays well with Lifesize and is not Bluejeans? Looks like we need to get some VIP's to be able to remotely access our somewhat regular Lifesize meetings and have some extremely strong opposition to using Bluejeans.
|
|
#
?
Sep 22, 2013 22:00
|
|
|
EAT THE EGGS RICOLA posted:I'm kidding, we just try and bruteforce them using L0pthcrack. People seem almost desperate to email or tell me their passwords though. Serious? That was either ultra-stupid or a hell of a save.
|
|
#
?
Sep 22, 2013 22:14
|
|
|
HalloKitty posted:Serious? That was either ultra-stupid or a hell of a save.
|
|
#
?
Sep 22, 2013 22:36
|
|
|
Mercurius posted:He mentioned previously that the ones they couldn't crack got a prize so I thought it was already fairly obvious that they were using brute force or rainbow tables on them and his previous comment was a joke. Alcohol has no doubt caused me to make two elementary mistakes in a short space of time on this noble forum; for that I unequivocally apologise. Lest I am banned and have to pay ten dollars, I will gladly give the money to Lowtax for my foolishness.
|
|
#
?
Sep 22, 2013 22:52
|
|
|
HalloKitty posted:Alcohol has no doubt caused me to make two elementary mistakes in a short space of time on this noble forum; for that I unequivocally apologise. Lest I am banned and have to pay ten dollars, I will gladly give the money to Lowtax for my foolishness. I get that way too when I'm looking forward to the first drink of the night. It's hard to post straight without a beer on the desk.
|
|
#
?
Sep 22, 2013 23:18
|
|
|
HalloKitty posted:Alcohol has no doubt caused me to make two elementary mistakes in a short space of time on this noble forum; for that I unequivocally apologise. Lest I am banned and have to pay ten dollars, I will gladly give the money to Lowtax for my foolishness. I dunno. I'm slowly warming to the idea of sending users daily advisories not to email passwords to anyone for a week, then having a contest asking for people to send in their passwords. The prize is they get their account locked. It's astounding the number of people who will up and give passwords if you hint in any way that you're related to support, even if the problem doesn't touch login issues.
|
|
#
?
Sep 22, 2013 23:26
|
|
|
18 Character Limit posted:I dunno. I'm slowly warming to the idea of sending users daily advisories not to email passwords to anyone for a week, then having a contest asking for people to send in their passwords. The prize is they get their account locked. People are always amazed at my work when I tell them I do not know their password and no, I can not look it up. Then they try to tell it to me and I have to tell them I don't want to know.
|
|
#
?
Sep 22, 2013 23:34
|
|
|
jim truds posted:People are always amazed at my work when I tell them I do not know their password and no, I can not look it up. Then they try to tell it to me and I have to tell them I don't want to know. Some people are positively giddy when they tell me that their password is "Gloria" and that's it's the same for everything.
|
|
#
?
Sep 23, 2013 01:12
|
|
|
A lot of people just don't think their mother's name is both easily looked up and not at all an original idea. They genuinely think they're clever and that you'll be impressed by their scheme. "My password is Binky! He's my pomeranian! Who would guess that?" *posts eight photos a day of "Look at this cute little guy in my purse with me at work! #binky #pomeranian #starbucks #initech" to every social media site with an iphone app* Javid fucked around with this message at 01:27 on Sep 23, 2013 |
|
#
?
Sep 23, 2013 01:20
|
|
|
Javid posted:A lot of people just don't think their mother's name is both easily looked up and not at all an original idea. They genuinely think they're clever and that you'll be impressed by their scheme. To be fair, people want to believe their banking is safe but bank phonesupport gives you a bunch of attitude when you call up and say your maiden name was "341RQ-887TL-692JB" of the Detroit 692JB's.
|
|
#
?
Sep 23, 2013 01:45
|
|
|
Javid posted:"My password is Binky! He's my pomeranian! Who would guess that?" *posts eight photos a day of "Look at this cute little guy in my purse with me at work! #binky #pomeranian #starbucks #initech" to every social media site with an iphone app* It gets even sillier than that. I did some IT work for an agency for the blind. Everyone with a guide dog used the dog's name as a password. Every single person. If you were really lucky, it was the name of a guide dog they'd had in the past.
|
|
#
?
Sep 23, 2013 02:21
|
|
|
EAT THE EGGS RICOLA posted:People seem almost desperate to email or tell me their passwords though. Unsurprisingly, I have this problem too, but although I try to train them out of it, I also have to deal with my coworker straight up asking people for their passwords, so I will never win that battle.
|
|
#
?
Sep 23, 2013 04:31
|
|
|
18 Character Limit posted:To be fair, people want to believe their banking is safe but bank phonesupport gives you a bunch of attitude when you call up and say your maiden name was "341RQ-887TL-692JB" of the Detroit 692JB's. Since I'm already using KeePass, I just calculate a salted hash of the real value and store the salt in the KeePass database. Which means that if my mother's maiden names was Jones, for example, I could enter "bada93e1200a5937c9e7c59a84df7a41279f1978" for that question and store "dotheneedful" as the hash value. This doesn't reduce the immediate confusion when the support rep tries to verify that you gave them the correct information, but it's fairly easy to explain.
|
|
#
?
Sep 23, 2013 04:32
|
|
|
Domus posted:It gets even sillier than that. I did some IT work for an agency for the blind. Everyone with a guide dog used the dog's name as a password. Every single person. If you were really lucky, it was the name of a guide dog they'd had in the past. Find the guy walking them through sign up. Its the guy telling them "Just use your guide dog's name" I bet.
|
|
#
?
Sep 23, 2013 04:39
|
|
|
In older versions of Plesk, it stores email account passwords in plaintext in the SQL database. Which isn't as terrible as it seems, because the SQL database is owned by root, and if you have access to it you can just change the password, but, it's still pretty bad. Whenever I'm on one of those devices I'll do a query to pull up the usernames and password WHERE password LIKE '%password%' and I'll usually get a few dozen hits. Throw in '%Passw0rd%' or '%123' for extra fun/sadness. It's a real mystery why we find them sending spam all the time. Edit: domainname123 is INSANELY common, as well. Comradephate fucked around with this message at 05:22 on Sep 23, 2013 |
|
#
?
Sep 23, 2013 05:16
|
|
|
I like the way *nix stores passwords, which I have done a taking to in my apps that I code. Encrypt it one way, remove any trace of it from memory. If a user types his password back in, you have to re-encrypt it again and compare the encrypted value to the encrypted password.
|
|
#
?
Sep 23, 2013 05:35
|
|
|
ratbert90 posted:I like the way *nix stores passwords, which I have done a taking to in my apps that I code. Well, that's the Right Way to do it. And that will work until you meet someone with more education than sense, who will ask why if a user forgets their password, we can't just email it to them in plaintext. It'd be such a great convenient feature, have it ready by Monday. In other news, I've been notified I must take a drug test before reporting to work tomorrow, my only alternative being to resign. This oughta be interesting...
|
|
#
?
Sep 23, 2013 05:48
|
|
|
sfwarlock posted:In other news, I've been notified I must take a drug test before reporting to work tomorrow, my only alternative being to resign. This oughta be interesting... Sounds like a company that doesn't want to keep it's programming department. If our company had drug tests they'd be out of business by next week.
|
|
#
?
Sep 23, 2013 06:14
|
|
|
Ursine Asylum posted:Sounds like a company that doesn't want to keep it's programming department. If our company had drug tests they'd be out of business by next week. Ditto, we just have a "Don't do it here" policy
|
|
#
?
Sep 23, 2013 06:16
|
|
|
Drug tests are why I will never move to the states for work. It seems so weird and draconian and arbitrary. "Yeah, we like you alright, and there's nothing to complain about in your performance, we'd just like to have an arbitrary excuse to fire you for some reason."
|
|
#
?
Sep 23, 2013 06:37
|
|
|
Pro tip to anyone with the cloud to butt extension turned on. It will replace forms you are typing in with butt as well. Normally hilarious but bad for job apps.
|
|
#
?
Sep 23, 2013 06:59
|
|
|
tehloki posted:Drug tests are why I will never move to the states for work. It seems so weird and draconian and arbitrary. "Yeah, we like you alright, and there's nothing to complain about in your performance, we'd just like to have an arbitrary excuse to fire you for some reason." Hah! Like they need a drug test for that. I guess it's more like "We have this set of ethics, and we think you should too."
|
|
#
?
Sep 23, 2013 06:59
|
|
|
mysteryberto posted:Pro tip to anyone with the cloud to butt extension turned on. It will replace forms you are typing in with butt as well. Normally hilarious but bad for job apps. Instant hire.
|
|
#
?
Sep 23, 2013 07:59
|
|
|
Ursine Asylum posted:Sounds like a company that doesn't want to keep it's programming department. If our company had drug tests they'd be out of business by next week. I'd fail one of those, and I don't do drugs. One of the legit medications I'm taking has a side effect of making you test positive for methamphetamine.
|
|
#
?
Sep 23, 2013 10:08
|
|
|
Lum posted:I'd fail one of those, and I don't do drugs. You declare that medicine I guess. But you have a right to not disclose medical info. So just claim you are taking meds that cause that. But even that would be traceable. So I guess really you just gotta say 'I dont take that'
|
|
#
?
Sep 23, 2013 11:46
|
|
|
sfwarlock posted:In other news, I've been notified I must take a drug test before reporting to work tomorrow, my only alternative being to resign. This oughta be interesting... Surely you have the alternative of doing neither? IF they want you to leave surely they have to actually fire you.
|
|
#
?
Sep 23, 2013 11:57
|
|
|
Lum posted:I'd fail one of those, and I don't do drugs. Just have a hearty Danish breakfast with two-three delicious poppy seed bread rolls, and you're going to show some interesting results for opiates.
|
|
#
?
Sep 23, 2013 12:23
|
|
|
sfwarlock posted:In other news, I've been notified I must take a drug test before reporting to work tomorrow, my only alternative being to resign. This oughta be interesting... Hope you haven't eaten a plethora of poppy seeds lately... e:f;b 
|
|
#
?
Sep 23, 2013 12:24
|
|
|
tehloki posted:Drug tests are why I will never move to the states for work. It seems so weird and draconian and arbitrary. "Yeah, we like you alright, and there's nothing to complain about in your performance, we'd just like to have an arbitrary excuse to fire you for some reason." In many places it's just a one time screening for hiring and they never do it again.
|
|
#
?
Sep 23, 2013 12:28
|
|
|
tehloki posted:Drug tests are why I will never move to the states for work. It seems so weird and draconian and arbitrary. "Yeah, we like you alright, and there's nothing to complain about in your performance, we'd just like to have an arbitrary excuse to fire you for some reason." It's more common for blue collar employees, where using a forklift on shrooms can lead to bad things happening. It's very uncommon for white collar roles, however, and I can't imagine that upper management roles aren't exempt, de facto if not de jure.
|
|
#
?
Sep 23, 2013 12:50
|
|
|
Volmarias posted:It's more common for blue collar employees, where using a forklift on shrooms can lead to bad things happening. It's very uncommon for white collar roles, however, and I can't imagine that upper management roles aren't exempt, de facto if not de jure. I work IT for a manufacturing company and random drug tests happen for 100% of the employees mainly because people have gotten hurt on the plant floor.
|
|
#
?
Sep 23, 2013 13:23
|
|
|
I was drug tested as a condition of employment. I don't do any drugs so, you know, no big deal, but it's common.
|
|
#
?
Sep 23, 2013 13:33
|
|
|
I suppose the rules might be different for IT support roles because you're all janitors 
|
|
#
?
Sep 23, 2013 13:36
|
|
|
|
| # ? Apr 27, 2024 16:18 |
|
|
I think it's more about the nature of the employer. Larger organizations more likely to require it than small, public more than private, and so on.
|
|
#
?
Sep 23, 2013 14:03
|
|