arthwollipot
Limerick Purist Pronouns: He/Him
My very strong suspicion is that 100% of password problems are user error.
Dear Users... (A thread for Sysadmin, Technical Support, and Help Desk people)
- Thread starter JoeMorgue
- Start date
- Status
Wudang
BOFH
I was caught once. I didn't notice the RDP box I was logging onto had en-us instead of en-uk as the keyboard map so the special characters in my password were wrong.
TragicMonkey
Poisoned Waffles
Most security questions suck. They frequently seem geared towards people who never, ever moved in their entire lives. "What school did you go to?" and "what street did you grow up on?" are meaningless to people like me who lived in ten different places between the ages of 3 and 18. I'm eternally stuck just making up answers and writing them down along with the password because whoever writes the damn security questions has no imagination.
Wudang
BOFH
I was about to sign up for one financial companies online services when I realized that all the listed security questions I was offered were almost public record or that more than one person would know. I went elsewhere.
Blue Mountain
Resident Skeptical Hobbit
Who says the answers have to be correct? If you're using a password manager (and any serious computer user should be) just put in some nonsense and record it in the password manager.
- In which city did your parents meet? Tuktoyaktuk
- What was the name of your first pet? TheDog
- What was the name of your elementary school? Harvard
- What is your favourite colour? GreenishBluish
- What was your mother's maiden name? Galadriel
- What was the make of your first vehicle? SteamRoller
Wudang
BOFH
Fair point but it seemed to me that if they selected those questions then it suggested that the company's approach to security might be suboptimal.
Norman Alexander
Penultimate Amazing
Problem is that you will never remember those answers past next week.
Wudang
BOFH
No, you can save them in PwdSafe and other password managers as Blue Mountain said. I do this as for example "Favourite author" has candidates running into 3 figures.
That’s not going to work.
If you can’t access your password manager for the actual password you can’t use it to get your security question answers!
I’ve had people have an existential crisis in front of me trying to get their Apple ID back over questions they answered with the “real” answer questions like “Your best friend at school?” Or “The name of your favourite teacher?”
Norman Alexander
Penultimate Amazing
As have I. Now imagine trying to recall the imaginary answers you made up to real questions.
Norman Alexander
Penultimate Amazing
In that case, what need of security questions?
gnome
Penultimate Amazing
- Joined
- Aug 5, 2001
- Messages
- 14,865
I have a hunch there is a small percent of issues where the password setting form accepts longer strings than it stores. It's my guess this is responsible for the few aggravating cases of:
*password incorrect*
>forgot password<
*enter new password*
*new password cannot be the same as old password*
It’s quite amusing that these questions that one would think would be “unambiguous” aren’t. The one I’ve had problems with in the past is a simple one “Name of your first pet?” Now I could answer that with the name of the cat we had when I was kid, that was the first pet I recall having, but hang on it says “your” so did I answer it as first pet I got after I left home i.e. “mine” or the one we had when I was a kid?
//Slight hijack//
Any other military members remember that weird "If you become a POW" thing they had you fill out where one of the things was "Give me a sentence that a rescuer could craft multiple questions out of to verify your identity?"
Any other military members remember that weird "If you become a POW" thing they had you fill out where one of the things was "Give me a sentence that a rescuer could craft multiple questions out of to verify your identity?"
Wudang
BOFH
Norman Alexander
Penultimate Amazing
The security questions are to protect the integrity of your identity, usually username/password combos. But if have a secure username/password store available already, the security questions to validate your identity become superfluous. You already have those combos stored (hopefully) securely and should not need the questions to verify them.
Unless you stored them wrong. Being dyslexic, my special trick.
Wudang
BOFH
Ah since I should theoretically always have my user Id and password available in my safe I should never need to use my secure questions?
Hsbc online banking website requires a combination of a secure question and a secure key code from their app. Other times I may be prompted to change my password when I’m in a rush and will update the password safe “later”. I remembered to do that one time. I was quite proud of myself.
Hsbc online banking website requires a combination of a secure question and a secure key code from their app. Other times I may be prompted to change my password when I’m in a rush and will update the password safe “later”. I remembered to do that one time. I was quite proud of myself.
2021 and my company's backup strategy for full backup is still to FedEX us a 40 terabyte external drive, plug it on on Friday afternoon, let the backup run all weekened, and ship it back to them on Monday.
gnome
Penultimate Amazing
- Joined
- Aug 5, 2001
- Messages
- 14,865
Where are we on data transmission speeds for that kind of volume? It seems like it was not so long ago that it was proven that transporting a certain mass of data physically could outpace an electronic transfer if it was of enough size.
- Status