Dear Users... (A thread for Sysadmin, Technical Support, and Help Desk people)

Well if every device you have to login to has access to this database bully for you I guess.
It's a browser plugin/app that has access to the database and supplies the appropriate password when you connect to the site that needs it.

You're going out of your way to **** on stuff you don't know about. You're also being kind of insulting to your fellow Member.
 
Joe, my original comment wasn't intended to be salty, but I understand how you could take it that way.

The exchange did get out of hand a bit, partly because I didn't explain that KeePass, my preferred software, is a stand-alone program that encrypts its database, allows access to the program only by password, and doesn't depend on any particular browser.

Arth, yes, if you're working on a large system such as you describe, neither LastPass nor KeePass will work. On the other hand, as a sysadmin you have other methods of resetting passwords, even if only through AD.


EDIT: KeePass Password Safe
 
Yes, the problem is that we have and always have had a procedure in place to ensure that any caller asking for a password reset is actually that person and not someone else just pretending to be them. This procedure should be common knowledge, but we still have to explain it to callers every day.
 
Could you change my password, please? Username is ARTHWOLLIPOT.
 
That's great when you're working on your own computer, not so much when you're working with an 8,000-user government secure network where installation of unapproved software is prohibited by law and system policy.

I use LastPass myself. On my private, personally-owned devices.

Despite having been a pentester with IBM, writing part of an IBM security manual, designing security for several systems, I hated dealing with certain aspects of security.
<big bank> security insisted every password on every system had to be different and changed every 30 (later 90) days. We had over 20,000 Windows servers and they were considered niche only. Standard servers were Unix variants. We weren't to write them down or store them in any way. Complaints that it was easy for someone in IT ops to have hundreds, if not thousands, of systems to access were brushed off.

On one internal system just used to store models of services for problem triage, the vendor product required the tool be able to modify the DB schema (create tables etc.). Big problem. Only DBAs can modify the schema. Big security & performance risk apparently if DB drones don't read from a ticket and write DDL exactly as requested on the ticket. So I had to devise a system where the tool knew an admin password but I didn't, using CA's Automation Point (which a more cynical person than I might describe as a POS and about as secure as a papier-mâché fireguard, but had been selected by a supposed SME who knew sod all about anything not written by CA). I'd have preferred to install something else, but my previous request for approval of software was still in the assessment queue 3 years later.

When I left there were some trading areas where IT staff had management backing from on high to tell security to F off and sort themselves out but it was still dominated by people who could say "no" but not "yes" and were never held to task. Mordac the Refuser.
If a problem was caused by (or included) someone writing down a password or using a guessable one, not their fault. If there was an issue because the only way to square their circle was using a weak solution, not their problem.

.....and breathe.
 
I think the simple fact that we as an industry are using passwords far, far, far beyond the point of diminishing returns on the "Security versus practicality" chart is sort of an open secret in the business right now.

Any password complex enough to be secure enough, a user is either going to constantly forget or they are going to write it down.
Biometrics.
 
And it still surprises me that many staff do not know the process for requesting a password reset. And despite monthly email reminders, do not register for password self-service.
Have you tried making them come to IT with company ID? For security purposes.
 
Just had someone end a call by telling me that they learned something.

 

My boss used to do a "TILT" at the end of the day (things I learned today). It didn't last long because he mostly learned that no one checked the channel in slack he was posting it in because the only thing going in there were his TILTs.

On a completely different note, we use LastPass as a company. It's ******* slick as hell when you're in my role. We do end to end tech support for something like 70 companies. I put the app on my phone, and I can page through every company at my finger tips. If you couple it with 2FA it gets rid of pretty much every security flaw as well. I was hesitant at first, but now I absolutely love it.
 