re: Required password changes
Posted on 5/21/20 at 3:39 pm to WaydownSouth
I agree that it's a minor annoyance, especially if you're someone who doesn't stay automatically logged in on all their devices (you're an abject retard if you do), but I understand why.
Although, there are some instances where it seems completely unnecessary to have a password at all. Has anyone tried applying to jobs lately? Every organization makes you register an account with their job portal...like what is someone gonna do, hack my account and apply to jobs for me?
At LSU they changed our passwords automatically every 180 days on some things and it was always a random word followed by a random 2 digit number and then another random word, sounded like a football play. For example:
carrot52table
doghouse27napkin
poison43truck
fence38mustard
I've used some minor variation of the first password they gave me my first year of law school 9 years ago. The little strength bar always says my password is very strong, so I got that going for me I guess.
This post was edited on 5/21/20 at 3:40 pm
Posted on 5/21/20 at 3:42 pm to WaydownSouth
Download a password manager (Lastpass, Keeper, Dashlane, KeePass) and create truly secure passwords that you can auto-fill from your desktop/phone.
That way you only have to remember one (hopefully strong) password, and you can let the manager randomly generate strong passwords so you can stop doing stupid shite like making all of your passwords some variation of the one you've used since you were in college.
extra tip for more security: create fake answers to security questions and save those in your password manager database. That way if someone tries to access one of your accounts by simply knowing your mother's maiden name or first pet, they'll be screwed because you answered those with Asstastic and translucent orange dildo, respectively.
Posted on 5/21/20 at 3:43 pm to WaydownSouth
When you have accounts that are holding 6+ digit numbers in them you want them to be secure. Though what you'll find in IT is that generally the password isn't the weakness, it's the human who can be engineered or tricked into giving away all your information.
The passwords I give to my employees range from 8-12 characters and only exclude special symbols. So our passwords come out looking funky.
One of our older employees did not understand what the hell phishing is or emails designed to steal your information, for almost 2 months her homepage on Google was something to the effect of www.googel.com/advadei327732432adffav095ai;haibh039323404392403u54afhj20394u09jgafe and the webpage had Christmas lights around the border of the website like TD gets every year when Chicken forgets to take them down.
Her emails kept getting hacked repeatedly and lo and behold it's because every time we would clean her PC out she would just download another keylogger or malware. I wouldn't have cared as much if we were running VMs at the office, but these computers are directly on the network. I've made my pleas to the owners.
Posted on 5/21/20 at 3:45 pm to CaptainPanic
quote:
What are you basing this on?
I’ve read and heard a lot on it, but here’s an actual study on it:
LINK
quote:
In The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis, researchers at the University of North Carolina at Chapel Hill present the results of a 2009-2010 study of password histories from defunct accounts at their university.
The UNC researchers obtained the passwords to over 10,000 defunct accounts belonging to former university students, faculty, and staff. Users were required to change the password for these accounts every 3 months. For each account, the researchers were given a sequence of 4 to 15 of the user’s previous passwords – their total data set contained 51,141 passwords.
quote:
The researchers then developed password cracking approaches that formulated guesses based on the previous password selected by a user. They observed that users tended to create passwords that followed predictable patterns, called “transformations,” such as incrementing a number, changing a letter to similar-looking symbol (for example changing an S to a $), adding or deleting a special character (for example, going from three exclamation points at the end of a password to two), or switching the order of digits or special characters (for example moving the numbers to the beginning instead of the end).
quote:
The UNC researchers found that for 17% of the accounts they studied, knowing a user’s previous password allowed them to guess their next password in fewer than 5 guesses. An attacker who knows the previous password and has access to the hashed password file (generally because they stole it) and can carry out an offline attack can guess the current password for 41% of accounts within 3 seconds per account (on a typical 2009 research computer). These results suggest that after a mandated password change, attackers who have previously learned a user’s password may be able to guess the user’s new password fairly easily.
quote:
I thought you just restock shelves at Whole Foods?
Weird personal attack that has nothing to do with the topic, but I’ve never once worked at Whole Foods. Sweet melt I guess.
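A defender-side use of the study quoted above, as an added example that is not part of the thread or the study: a password-change check that refuses a new password that is only a "transformation" of the old one. The function names and the two-symbol look-alike map are assumptions made for the example, and it also folds case, which the quoted list does not mention.

```python
import re

# Constructed, deliberately small look-alike map; a real policy would use a larger one.
LOOKALIKE = str.maketrans({"$": "s", "@": "a"})

def _letters(pw, fold):
    """Lower-cased letters of pw; with fold=True, look-alike symbols count as letters."""
    text = pw.lower().translate(LOOKALIKE) if fold else pw.lower()
    return "".join(c for c in text if c.isalpha())

def _digit_layout(pw, fold):
    """Each digit run paired with the number of letters that precede it."""
    return [(m.group(), len(_letters(pw[:m.start()], fold)))
            for m in re.finditer(r"\d+", pw)]

def transformations(old, new):
    """Name the transformations that turn old into new.

    Returns [] when the letter cores differ, i.e. new is not a simple variant.
    Both plaintexts are available because a change form asks for the current password.
    """
    raw_same = _letters(old, False) == _letters(new, False)
    if not raw_same and _letters(old, True) != _letters(new, True):
        return []
    fold = not raw_same
    found = ["look-alike symbol swap"] if fold else []
    old_d, new_d = _digit_layout(old, fold), _digit_layout(new, fold)
    if [d for d, _ in old_d] != [d for d, _ in new_d]:
        found.append("number changed")
    elif old_d != new_d:
        found.append("digits moved")
    skip = "$@" if fold else ""  # swapped symbols are already reported above
    def symbols(pw):
        return sorted(c for c in pw if not c.isalnum() and c not in skip)
    if symbols(old) != symbols(new):
        found.append("special character added or removed")
    return found or ["identical or case change only"]

def acceptable_change(old, new):
    """Policy decision: accept only a new password that is not a variant of the old."""
    return transformations(old, new) == []
```

A check like this only compares against the password being replaced; comparing against older history would need the plaintexts, which a system storing salted hashes does not have.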
Posted on 5/21/20 at 3:46 pm to TH03
quote:
Constantly changing passwords always means people choose ones that are easy to remember. It always turns out to be much less secure than just keeping the same one or changing much less frequently.
password expiration intervals are usually accompanied by other requirements such as multiple character types, minimum length, remembered passwords, lockout limits, etc.
Password expiration is more secure than not, all else equal. There really isn't any way to argue otherwise.
eta:
That study doesn't prove what you're arguing, unless you're not really explaining yourself well.
This post was edited on 5/21/20 at 3:48 pm
Posted on 5/21/20 at 3:47 pm to TH03
quote:
Nowadays it’s “randomword123”
Not very secure.
“randomword123!”
Nobody will ever crack it.
Posted on 5/21/20 at 3:47 pm to GRTiger
quote:
Password expiration is more secure than not, all else equal. There really isn't any way to argue otherwise.
His post right above yours kinda proves the opposite.
Scruffy usually picks the most recent show or movie he watched combined with a random date and 2 or 3 random symbols.
Other routes include memorizing random barcodes on random products around the house.
This post was edited on 5/21/20 at 3:49 pm
Posted on 5/21/20 at 3:48 pm to WaydownSouth
I’m guessing you don’t understand technology.
Posted on 5/21/20 at 3:49 pm to Codythetiger
quote:
When you have accounts that are holding 6+ digit numbers
Pffft subtle brag
But yes this is a huge issue with older employees. Also surprisingly, younger employees who have grown up with "fool proof" technology and apps that kinda did everything for them.
I remember re-formatting computers and having to dig into the registry to fix stuff at home, playing around with Kaspersky/TDSSkiller, torrenting games, using those CD-key generators etc. and I'm not an IT guy or what one would consider a techie. I think Apple (for better or worse) did quite a bit for the user-friendliness and simplification of technology for the average stooge.
This post was edited on 5/21/20 at 3:54 pm
Posted on 5/21/20 at 3:49 pm to Scruffy
quote:
His post right above yours kinda proves the opposite.
No, it doesn't.
The researchers were given the original passwords. If you have that information, would you say it would be easier to "crack" the password if it was still the same, or would it be incrementally harder to crack even a slightly modified version of the original?
Posted on 5/21/20 at 3:49 pm to Boring
All passwords are stupid. Put the stupid fingerprint back on laptops. We already have them on our phones. Anytime a password is needed, it should simply be my fingerprint.
I understand poor people will have a problem with that, so my alternate solution is that all passwords should have the same requirements, standardize them. I should be able to use BigTitLover69! for all passwords, but you'll have some that will say, nope can't be more than 12 characters, or nope can't use special characters, then you have some that say nope has to be more than 10 characters, or you have to have a special character, or you can't use repeating letters and/or numbers, which is why it's not BigBoobLover00!
Why can't we just get a standard for what a password should be, and everybody abide by it? Since everyone has different requirements, I have several different passwords I use with stupid little iterations in them. Makes no sense for everyone to have different requirements, requiring people to save their passwords in other places to remember them. It defeats the purpose of passwords when you have to do that.
Posted on 5/21/20 at 3:50 pm to GRTiger
quote:
That study doesn't prove what you're arguing, unless you're not really explaining yourself well.
Did you not read it? The newer passwords weren’t any more secure than previous ones and people were basically using the same ones just with minor variations that were easy to crack.
Constant password changes only work if you do what you mentioned and use a program that generates secure passwords. Most people don’t do that though so they make something they can remember, which isn’t very secure.
Posted on 5/21/20 at 3:53 pm to TH03
quote:
Constantly changing passwords always means people choose ones that are easy to remember. It always turns out to be much less secure than just keeping the same one or changing much less frequently.
Which is why NIST has already changed their guidelines concerning frequency of password changes.
A long passphrase that is changed infrequently is much more secure than a shorter, complex one that's changed frequently...for just the reasons you stated.
Posted on 5/21/20 at 3:54 pm to Centinel
I was literally just copying that part of the article.
I think you and I have discussed this before too.
quote:
Should organizations mandate regular password changes? The National Institute of Standards and Technology (NIST) explained in a 2009 publication on enterprise password management that while password expiration mechanisms are “beneficial for reducing the impact of some password compromises,” they are “ineffective for others” and “often a source of frustration to users.” They went on to encourage organizations to balance security and usability needs, outlining some factors to consider. NIST emphasized that other aspects of password policies may have greater benefits than mandatory expiration, including requirements for password length and complexity, as well as use of slow hash functions with well-chosen “salt” (a technique to make sure that if two users have the same password they won’t look the same when hashed).
Posted on 5/21/20 at 3:56 pm to WaydownSouth
I started with Password@1 and I'm now on Password@27.
I will never break the chain. Never!
Posted on 5/21/20 at 3:57 pm to The Egg
quote:
You can tell those dude is old as frick
Yeah, and they is gray too. You think them like ribeyes?
Posted on 5/21/20 at 3:58 pm to TH03
(no message)
This post was edited on 6/9/20 at 1:14 pm
Posted on 5/21/20 at 3:58 pm to WaydownSouth
You’re probably the same guy that’s pissed off because you can’t smoke a cigarette while pumping gas. Stupid arse rules, huh?
Posted on 5/21/20 at 3:58 pm to TH03
The thing that pisses me off is we want to adopt those NIST guidelines, but some of our clients won't accept it because their "security experts" (read: box checking auditors) don't keep up with current standards or guidelines.
It's asinine. It makes the end user happier AND makes the network more secure. You'd think it's a sure fire win-win.
But nope. Auditor say you no check box correctly!!!