Admin
The soldier of fortune work must've dried up then. :(
Admin
I personally think it's largely down to training; users should be told that their password should be secure, and it should be treated like their door key. This should be then augmented with sysadmin attempting to crack people's passwords at regular intervals (mmmm rainbow tables), and having users with weak passwords change theirs. Also, social cracking is probably a good idea as well. (Ring people up and ask them for their password, if they give it, and it's correct, then you've identified a potential security risk and you can provide training and guidance.)
I think complexity should be encouraged, but not enforced, I mean if I know my password must be 8 chars, and contain a number, that's immediately removed AAAAAAAA-ZZZZZZZZ (and all the variations thereof) from my attack space.
Thank you, I'll be using that analogy in future.... :)
Admin
Someone already solved that pesky "password compromise" situation. It's called two-factor authentication ;)
Use your password and a gizmo that spits out ever-changing numbers.
The ones that are time-based change every 60 seconds; the other ones are made so that all previous valid numbers are invalidated when the next one is introduced.
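The two token behaviours described in the comment above, as an added example that is not part of the original comment or of any vendor's code. It assumes HOTP (RFC 4226) as the code algorithm, which the comment does not name; `TokenVerifier`, `look_ahead` and `demo` are hypothetical names, the secret is the RFC test value, and clock-drift tolerance is left out.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # RFC 4226 test secret (sample value, not a real key)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks the window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TokenVerifier:
    """Server-side state for one token (hypothetical class for illustration)."""

    def __init__(self, secret: bytes, step_seconds: int = 60, look_ahead: int = 3):
        self.secret = secret
        self.step = step_seconds   # 60-second step, as in the comment
        self.look_ahead = look_ahead
        self.next_counter = 0      # event-based: first counter not yet used
        self.last_time_step = -1   # time-based: last step already accepted

    def verify_event(self, code: str) -> bool:
        # Look a few counters ahead so stray button presses do not desync the token.
        for c in range(self.next_counter, self.next_counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.next_counter = c + 1  # every earlier code is now invalid
                return True
        return False

    def verify_time(self, code: str, now: float) -> bool:
        t = int(now // self.step)
        if t <= self.last_time_step:  # this step was already used: replay
            return False
        if hmac.compare_digest(hotp(self.secret, t), code):
            self.last_time_step = t
            return True
        return False

def demo() -> list:
    v = TokenVerifier(SECRET)
    return [
        v.verify_event(hotp(SECRET, 2)),         # button pressed three times: accepted
        v.verify_event(hotp(SECRET, 1)),         # older code: rejected
        v.verify_time(hotp(SECRET, 0), now=59),  # inside the first 60 s step: accepted
        v.verify_time(hotp(SECRET, 0), now=59),  # same code replayed: rejected
        v.verify_time(hotp(SECRET, 0), now=60),  # step rolled over: rejected
    ]
```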
Admin
Exactly. The company I work for has a COTS defect tracking system that is installed at the data center. Our project team (about 25 people total) uses it and we have our own sandbox with our own accounts, database, repository, etc. However, because it's COTS, every user must have a login AND password.
The login makes sense. We need to know what defects are assigned to us, and who wrote the defects, and who wrote the notes on them, etc. Many of the queries we use are based on the login name.
However, to us, the passwords aren't really necessary. There's 25 of us. We've worked together for years. It's highly unlikely anyone would do anything malicious to the defect database, and even if someone did, the damage would be incredibly minimal. There's nothing confidential in there at all. It's just not a system that requires a lot of security. However, because the software requires us to have a password, we all do. We all have the password "password".
Now, if for some reason we timed out every hour, I could easily see us calling up the data center and saying "hey, could you increase the timeout here? We all use the same password anyway and there's just no reason for this thing to be secured." Is that a WTF? Not really.
Admin
Your ability to comprehend sarcasm astounds me.
Admin
[quote user="Random832"]Your ability to comprehend sarcasm astounds me.[/quote] was in reply to [quote]What you saw was the parody of the actual episode. In the Twilight Zone episode his glasses break and that's the end. Your version was most likely from either the Simpsons or Futurama.[/quote]
Admin
Well, Jeff, you and a score of others on this thread are demonstrating the hallmarks of WTF-producing programmers:
- Re-interpreting specs
- Getting very arrogant about the results of the misdirected conclusions you arrive at.
The word used here was not "irony", but "ironic". The distinction is greater than you may think. Please look up the adjective rather than the noun.
The situations described in the song are indeed ironic. I'm old enough to remember the year that song came out. Chardonnay was the vogue wine of the season, chosen and consumed not just for its taste, but to convey an air of sophistication. The big black fly that came and plopped itself into your glass sort of blew that impression. Likewise, the weddings of that time tended to be held outside and scheduled for a time when the weather was likely to be fair, so as to convey the "sunny future" ahead for the union. When the thunderclouds roll in and douse the guests, the effect is again spoiled.
Even the lines that may seem to hold a bit less irony, such as the traffic jam and the no smoking sign, come into more ironic light if one has sufficient imagination to paint the context: the stressed out morning cooped up in the office, with the smoke break as a brief opportunity to get away from external pressures for five minutes. The great shortcut you took to beat the clock, only to find that everyone else had chosen the same shortcut, yada, yada.
So maybe we can all stop nitpicking for a moment and ETFS.
Admin
Nit-picking is spelt with a hyphen.
Admin
Everybody on this thread seems to have gone off on a side-track about password security. I scanned the three pages of comments, and didn't see anyone make a comment on the timeout issue.
So... were the "timeouts" really timeouts from people going away from their browsers for awhile? Or were they occurring because a single user account was being shared as well as the password or because there was some session info tied to the password somehow, and only one such user allowed at a time? So that the next person logging on with a given password would cause the other person's session to become invalid?
Admin
The problem here isn't the password, it is the idea of not locking accounts after N failures. And the periodic change does not really limit the damage an attack does. Remember it takes very little time once a hacker gets in for him to do something. They are not going to wait around and see if you find them first, they are going to do something soon. If you can't detect that, then nothing short of daily password changes is really going to protect you.
Teach your users the true importance of strong passwords, hire proper network admins and at least one with real security credentials to detect potential intrusions. Manage your risk appropriately, but do not hide behind the illusion of safety given by constantly changing password rotations.
Admin
last post.
Admin
The distinction is that of the noun form versus the adjective form; the meaning of the word isn't any different. In fact, the definition of the adjective ironic uses the noun irony in it:
So tell me, what do you see as the differences in the noun irony and the adjective ironic? What would make you think that the adjective would convey a meaning that is totally unrelated to the noun?
Admin
who cares, the song is cool. (:
Admin
Dayum, this thread is still going? I had to do a search on "irony" to find it.
Anywaze... I gotcher irony right here. Copied from a forum in a galaxy far, far away...
"Paris is a reatard."
Admin
(Not that I think she intended it that way.)