Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
rant1ng44626yI see.
Has there been stories of hackers wandering in buildings at lunch time looking for pw's?
Because, there should be. -
@rant1ng I'll help you come up with some for @PonySlaystation...
I'm really good at coming up with stories... have 27 years (minus however long it took me to learn to talk) practice coming up with reasons I only have 1 hand... -
@rant1ng that's one of them. Another involves a parachute and the Alps. One involves a T Rex... and they all involve people being too slow to catch on...
-
d3VwZXd15236yYou can always make jokes like appending
echo sleep 0.1 >> ~/.bashrc
In their bashrc ;)
that will teach them to don't stick their password on the monitor -
Yeah, and every 3 months, they shall change the password, and it must be long and digits, upper/lowercase and special chars, and of course a different one for everything.
How the fuck is someone supposed to remember that after three weeks of holidays? OF COURSE I have a sticker with my password, just not directly at the monitor. -
Condor323326y@Fast-Nop enter password managers 🙂
@gintko I quite like fingerprint authentication, but I do have a concern about it.. you've got only 10 to play with, and it's impossible to change them. So when someone steals your fingerprint, makes a similar fingerprint that supports the same capacitive coupling that your fingers do (essentially a more advanced version of those touch pens or touchscreen gloves), that can be used to fool the fingerprint reader into thinking that it's you. It's definitely a lot better than passwords, PIN codes, pattern unlock or what have you, but it's far from perfect. Better but not really.. good I'd say. Personally I'd much rather use a sort of key fob with a resettable keypair, that can authenticate against devices using WiFi, Bluetooth, NFC or things like that for communication. That way you'd get the convenience of a passwordless authentication, the security of a key-based authentication, while omitting the immutability of a fingerprint. -
@Jilano any kind of company data in private smartphones would be even worse than stickers because for sticker spying, you first need physical access to the company.
I don't think that there is a relevant security hole as long as the sticker isn't in plain sight. -
@Jilano yeah ok but company smartphones for everyone ain't gonna happen - too expensive. Just like smartcard readers. It's not like we use passwords because the tech wouldn't be available.
If IT really wanted to do something useful, they would drop the useless and bad practice of forced password changes several times a year. Then people would have a chance to memorise them and wouldn't need to write them down. The whole issue is self-inflicted by the IT department. -
Condor323326y@Fast-Nop if the company runs Linux on their machines, it could be considered to use full disk encryption with LUKS keys (and give employees a 256MB USB stick to store a key, they're not that expensive anyway) and abolish logins altogether. If memory serves me right, lightdm has something in its config related to "seats" which would allow autologin as a specified user without password. Sudo could be exposed to the user or kept to the system administrators (so that they can manage the sudo passwords for updates and whatnot in a password database of theirs) and it'd be reasonably secure. Far more secure than a sticky note, that's for sure.
However, do keep in mind that the thought of mine that went into this scheme was only 2 minutes while having had 2 glasses of wine. Only a fool would import this scheme into their own infrastructure without doing a good amount of research on the topics and tools involved. -
@Condor that would be really secure because HR, finance, sales and management would have to work with pen and paper. Outside of the geekosphere, nobody is using desktop Linux.
-
Condor323326y@Fast-Nop See, when HR, finance, sales and mgmt. quit using PC's, there's no more fools behind the confuzers! Only advantages when it comes to this strategy XD
-
Rename4806yI think for these people "security" is comfort zone and believe me they don't wana leave it.
Related Rants
I wonder how many decades it will take until employees stop to fucking stick their passwords to the computer screen at their station. It is a complete fucking nightmare if you are responsible for the network!
Can we bring back the guillotine? But it must be stub!
Those nitwits shall suffer!
rant
passwords stupid practices