Here’s a chuckle
Posted: 18 September 2013 07:34 PM   [ # 16 ]
Sr. Member
Total Posts:  3202
Joined  2011-11-04
Occam. - 18 September 2013 07:21 PM

Sorry, they require five characters and I didn’t bother listing the last one.  LOL

Occam

No doubt the last character is “5”. 

I never noticed the period, after Occam, before.  It seems appropriate, however, as “Occam.” could be viewed as a complete (though particularly frugal) sentence.  The noun in the sentence, being “Occam” and the remainder of the sentence, though hidden, is understood to be “is succinct”.

 Signature 

As a fabrication of our own consciousness, our assignations of meaning are no less “real”, but since humans and the fabrications of our consciousness are routinely fraught with error, it makes sense, to me, to, sometimes, question such fabrications.

Posted: 18 September 2013 07:37 PM   [ # 17 ]
Sr. Member
Total Posts:  4849
Joined  2007-10-05

Naw, he added the period a few years ago after he forgot his password, hence the new, easily remembered one. I didn’t have the heart to tell him his old one was “password.”

[ Edited: 18 September 2013 07:40 PM by DarronS ]
 Signature 

You cannot have a rational conversation with someone who holds irrational beliefs.

Posted: 18 September 2013 07:40 PM   [ # 18 ]
Moderator
Total Posts:  5551
Joined  2010-06-16

NOW you tell me.  I’ve been going crazy for years forgetting that damned period and having to go back and correct things.  LOL

Occam

 Signature 

Succinctness, clarity’s core.

Posted: 19 September 2013 05:06 AM   [ # 19 ]
Sr. Member
Total Posts:  1412
Joined  2009-10-21
DarronS - 16 September 2013 09:11 PM
Thevillageatheist - 12 September 2013 06:26 PM

Damn does that sound familiar! I teach online classes and must change passwords every ninety days. Every time I do, something screws up and I have to call a tech who straightens it out, for a while, so I alternate between two passwords I’m familiar with and switch numbers around. Frustrating as hell. I think god’s punishing me, sorry Occam.  downer

Cap’t Jack

I’ve never understood why I have to change passwords. If I have a good, strong password, why change it? This seems like something an IT admin thought up a long time ago and has become accepted dogma without any evidence.

There are no red flashing lights that go off when someone’s account has been hacked. Someone has to be actually looking for illegal activity. A different person using your account with your password using a registered browser would not be detectable at all. Rather than spend all that time looking for something to NOT be happening, it’s easier just to get everyone changing their passwords often.

Posted: 19 September 2013 05:48 AM   [ # 20 ]
Sr. Member
Total Posts:  2218
Joined  2007-04-26
Lausten - 19 September 2013 05:06 AM

There are no red flashing lights that go off when someone’s account has been hacked. Someone has to be actually looking for illegal activity. A different person using your account with your password using a registered browser would not be detectable at all. Rather than spend all that time looking for something to NOT be happening, it’s easier just to get everyone changing their passwords often.

Easier for who? I went to the hospital yesterday after not having been there for a while and the system would not let me in because the old password had expired. Because it expired I couldn’t change it myself. I spent a half hour on the phone with tech support just to get someone to change it for me.

Does anyone actually have any evidence that this crazy system works to reduce unauthorized intrusions? I would guess that most hackers get in and do their dirty work in a short time so changing my password 30 days after they discover it probably isn’t going to do much good. Additionally we all have so many passwords for so many systems and the rules are so complex that we all have to have a system for generating new passwords that makes it easy to remember. Most hackers are going to know this and if they figured out our password in the first place they shouldn’t have much trouble figuring out the system we use to generate new ones.

I’m curious though. Has anyone really studied this to see if these cumbersome password policies actually help reduce intrusions? They sure create a lot of headaches.

 Signature 

For every complex problem there is a solution that is simple, obvious,.... and just plain wrong

Posted: 19 September 2013 08:43 AM   [ # 21 ]
Moderator
Total Posts:  5551
Joined  2010-06-16

Maybe what the hospital system needs, Mac, is a multiple tier of accounts.  Your first is the standard one.  The second with a different password only contains the password for the first in case you forgot it, the third contains the password for the second in case you forgot that, etc.  That way, if you ever forget any of them you can go to a lower tier and work your way back up.  LOL

Geez, I shouldn’t have suggested it because our webmasters will probably start instituting it.  vampire smile

Occam

 Signature 

Succinctness, clarity’s core.

Posted: 19 September 2013 09:06 AM   [ # 22 ]
Sr. Member
Total Posts:  2602
Joined  2012-10-27
Occam. - 18 September 2013 07:40 PM

NOW you tell me.  I’ve been going crazy for years forgetting that damned period and having to go back and correct things.  LOL

Occam

Change it to “Occamperiod”. wink

Posted: 19 September 2013 09:40 AM   [ # 23 ]
Sr. Member
Total Posts:  1412
Joined  2009-10-21
macgyver - 19 September 2013 05:48 AM

I’m curious though. Has anyone really studied this to see if these cumbersome password policies actually help reduce intrusions? They sure create a lot of headaches.

Really? Have you ever looked at all the settings that are behind your internet connection? Has anyone ever said, “yeah, I could have invented the internet. It was just a good idea waiting for someone to stumble upon it.” Is Steve Ballmer a billionaire for no good reason? Do you think all that effort has gone into making computers more secure and no one thought about how to deal with user names and passwords?

Stealing passwords that are the name of your cat is pretty common, so I named my cat TWe45_yupper but I pronounce it “fluffy”.

Posted: 19 September 2013 10:03 AM   [ # 24 ]
Sr. Member
Total Posts:  4849
Joined  2007-10-05
Lausten - 19 September 2013 09:40 AM

Have you ever looked at all the settings that are behind your internet connection?

I have. I used to document Internet gateway commands when I was a tech writer. As far as I can tell from working with programmers and reading about security the only time it is necessary to change your password is immediately after a security breach, which is far more likely on a Windows based server than on one running Linux or Mac OS.

 Signature 

You cannot have a rational conversation with someone who holds irrational beliefs.

Posted: 19 September 2013 11:19 AM   [ # 25 ]
Sr. Member
Total Posts:  1412
Joined  2009-10-21
DarronS - 19 September 2013 10:03 AM
Lausten - 19 September 2013 09:40 AM

Have you ever looked at all the settings that are behind your internet connection?

I have. I used to document Internet gateway commands when I was a tech writer. As far as I can tell from working with programmers and reading about security the only time it is necessary to change your password is immediately after a security breach, which is far more likely on a Windows based server than on one running Linux or Mac OS.

Well, we’ve pretty much sucked the fun out of this one.
Depends on what type of security breach. If someone entered the system without using a user’s password, then they could obtain said passwords and you’d want to change them. But, if they got a password, without using any sort of machine at all, i.e. through “social engineering” then you would never know there was a breach in the first place. They could use this password for months, learning more and more about the system, or stealing only small amounts of money by creating fake accounts and fake transactions. Accounting wouldn’t know because it would look like legitimate data to them.

Passwords can also be hacked by trying millions of variations on common words, names of people at the company, or other public information. This can be detected only if someone is watching for unusual traffic from an unknown MAC address. Short words with no caps and only 26 possible characters would obviously be easier.

But forget the technical stuff, the question I have is, knowing that this is something people hate, knowing it causes more expense at your help desk, and the people who hate it the most are often the people who are in charge, the ones who could say not to do it, why is everyone doing it? This isn’t like magnetic strips on credit cards where there are whole other countries with a better way to do it and we haven’t adopted it yet.

Posted: 19 September 2013 02:47 PM   [ # 26 ]
Sr. Member
Total Posts:  2218
Joined  2007-04-26
Lausten - 19 September 2013 09:40 AM
macgyver - 19 September 2013 05:48 AM

I’m curious though. Has anyone really studied this to see if these cumbersome password policies actually help reduce intrusions? They sure create a lot of headaches.

Really? Have you ever looked at all the settings that are behind your internet connection? Has anyone ever said, “yeah, I could have invented the internet. It was just a good idea waiting for someone to stumble upon it.” Is Steve Ballmer a billionaire for no good reason? Do you think all that effort has gone into making computers more secure and no one thought about how to deal with user names and passwords?

Stealing passwords that are the name of your cat is pretty common, so I named my cat TWe45_yupper but I pronounce it “fluffy”.

I am not saying no one thought about it. I am just wondering if anyone ever checked to see if their ideas accomplished what they hoped it would. One thing I have learned after years in medicine is not to ever trust “common sense” as a guide to implementing procedures or treatments. Lots of things that sound like a good idea end up not working out the way you had hoped when put into practice simply because it’s difficult to anticipate human behavior accurately and also because we usually have very incomplete knowledge of the systems we are working on. Computer networks may not be as complex as biological systems but the same principles apply to a lesser extent.

All I am saying is never assume anything. Just because something sounds like a good idea (constantly changing passwords) doesn’t necessarily mean it is.
Making a longer password that uses many more characters obviously makes the password more difficult to crack. That’s a simple mathematical proof. No study required there, although the degree to which it increases security is an entirely different issue that needs to take into account human nature (i.e. when passwords get too complex people tend to write them down rather than memorize them and this may reduce security if these pieces of paper with passwords on them are left in unsecured locations). Therefore longer passwords may not necessarily be more secure even though the mathematics of the situation would suggest otherwise.

It’s fine to go on theory if the procedure you are requiring has no down side but in the case of expiring passwords it clearly does. People are more likely to forget their passwords or they may expire between uses requiring a call to tech support. This increases labour costs for those managing the network. It also results in lost productivity as in my case yesterday when I spent a half hour on the phone in front of a computer screen instead of taking care of the patient I went to see in the hospital.

So back to the original question. Has anyone actually studied this to see whether longer passwords and expiring passwords actually increase security and by how much? The how much is important in deciding if the benefit is worth the cost.

 Signature 

For every complex problem there is a solution that is simple, obvious,.... and just plain wrong

Posted: 19 September 2013 02:53 PM   [ # 27 ]
Sr. Member
Total Posts:  2218
Joined  2007-04-26
Lausten - 19 September 2013 11:19 AM

But forget the technical stuff, the question I have is, knowing that this is something people hate, knowing it causes more expense at your help desk, and the people who hate it the most are often the people who are in charge, the ones who could say not to do it, why is everyone doing it? This isn’t like magnetic strips on credit cards where there are whole other countries with a better way to do it and we haven’t adopted it yet.

Who says the people managing the system are the ones who hate it the most? I doubt that. The far larger group of people who actually use it hate it one heck of a lot. The people managing the system are more concerned about security than convenience. They’re not going to lose their job because people complain about the password policy. They might lose their job if the system is breached. Given those two options they will opt for a more secure “appearing” password policy even if the policy doesn’t actually result in a more secure system.

I’m not saying these policies don’t result in greater security, I am just wondering if there is any proof. If not, then these onerous procedures are quite possibly unnecessary.

 Signature 

For every complex problem there is a solution that is simple, obvious,.... and just plain wrong

Posted: 19 September 2013 03:20 PM   [ # 28 ]
Sr. Member
Total Posts:  1412
Joined  2009-10-21
macgyver - 19 September 2013 02:53 PM

I’m not saying these policies don’t result in greater security, I am just wondering if there is any proof. If not, then these onerous procedures are quite possibly unnecessary.

I don’t have any studies, nor do I have a degree that covers computer security, so I can’t answer you anymore than I already have. I tried to apply critical thinking in the way I would evaluate claims of a flat earth or a 9/11 conspiracy. That usually gets me by.

Anecdotally, I agree with the writing down password thing. We had a laptop computer come back, from a lawyer, and we opened it up and the username and password were taped onto the keypad. Basically a door with the key left in it.

Posted: 19 September 2013 04:39 PM   [ # 29 ]
Sr. Member
Total Posts:  2218
Joined  2007-04-26
Lausten - 19 September 2013 03:20 PM
macgyver - 19 September 2013 02:53 PM

I’m not saying these policies don’t result in greater security, I am just wondering if there is any proof. If not, then these onerous procedures are quite possibly unnecessary.

I don’t have any studies, nor do I have a degree that covers computer security, so I can’t answer you anymore than I already have. I tried to apply critical thinking in the way I would evaluate claims of a flat earth or a 9/11 conspiracy. That usually gets me by.

Anecdotally, I agree with the writing down password thing. We had a laptop computer come back, from a lawyer, and we opened it up and the username and password were taped onto the keypad. Basically a door with the key left in it.

Ok Thanks. It was just something I had wondered from time to time as I struggled to remember the latest iteration of a password. It would be interesting to know if there is some industry literature on this.

 Signature 

For every complex problem there is a solution that is simple, obvious,.... and just plain wrong

Posted: 19 September 2013 05:18 PM   [ # 30 ]
Sr. Member
Total Posts:  2602
Joined  2012-10-27
Lausten - 19 September 2013 09:40 AM
macgyver - 19 September 2013 05:48 AM

I’m curious though. Has anyone really studied this to see if these cumbersome password policies actually help reduce intrusions? They sure create a lot of headaches.

Really? Have you ever looked at all the settings that are behind your internet connection? Has anyone ever said, “yeah, I could have invented the internet. It was just a good idea waiting for someone to stumble upon it.” Is Steve Ballmer a billionaire for no good reason? Do you think all that effort has gone into making computers more secure and no one thought about how to deal with user names and passwords?

Stealing passwords that are the name of your cat is pretty common, so I named my cat TWe45_yupper but I pronounce it “fluffy”.

Now that’s funny!
