Dear Users... (A thread for Sysadmin, Technical Support, and Help Desk people)

Status
Not open for further replies.
My main issue with this version of password reset is the places that insist you provide multiple reset questions (I've seen up to 5), and they need to come from a fixed selection of 10 or so. Now, frankly, I'm more likely to remember the password than I am the answer to all five security questions from things that I have absolutely no fixed answer for. Favourite film? First pet (depends on what animal I happen to remember at the time)? Favourite anything, in fact.

Besides writing such answers in a notebook, I use joke answers I'm more likely to remember.

Favorite hobby in high school: skipping

Favorite vacation destination: LV-426.
 
My main issue with this version of password reset is the places that insist you provide multiple reset questions (I've seen up to 5), and they need to come from a fixed selection of 10 or so. Now, frankly, I'm more likely to remember the password than I am the answer to all five security questions from things that I have absolutely no fixed answer for. Favourite film? First pet (depends on what animal I happen to remember at the time)? Favourite anything, in fact.


Use LastPass or KeePass to store usernames, passwords, answers to security questions, credit card account and CVV numbers, bank account numbers, etc. (I prefer KeePass, because it isn't stored online.)


My answers aren't related, or are only vaguely related, to the security questions.


"Favorite pet?"

Answer: Woof (or maybe ocelot)
 
Besides writing such answers in a notebook, I use joke answers I'm more likely to remember.

Favorite hobby in high school: skipping

Favorite vacation destination: LV-426.

And 2 years down the line, having never had to actually answer those questions, when you have come back from 2 weeks hols, having been forced to change your password just before leaving and have forgotten it...

I mean, honestly? I wouldn't remember what joke I'd used.

Use LastPass or KeePass to store usernames, passwords, answers to security questions, credit card account and CVV numbers, bank account numbers, etc. (I prefer KeePass, because it isn't stored online.)

Um.
Where exactly is my KeePass supposed to reside?
I'm talking about forgetting my main password to access my machine, not some other password, once I'm in the box. None of the above are any use for that.

And no, keeping it on some other device (phone/tablet) would be considered a risk to many clients.

My answers aren't related, or are only vaguely related, to the security questions.

"Favorite pet?"

Answer: Woof (or maybe ocelot)

See above...
 
And 2 years down the line, having never had to actually answer those questions, when you have come back from 2 weeks hols, having been forced to change your password just before leaving and have forgotten it...

I mean, honestly? I wouldn't remember what joke I'd used.

Hence the notebook. For example I have written down PINs coded as phone numbers in an address book. How explicitly you write them down is up to you as is where you keep it. A fireproof lock box for example. Unless you simply forget that you tend to forget, taking secure corrective action shouldn't be an issue.
 
And 2 years down the line, having never had to actually answer those questions, when you have come back from 2 weeks hols, having been forced to change your password just before leaving and have forgotten it...

I mean, honestly? I wouldn't remember what joke I'd used.

Um.
Where exactly is my KeePass supposed to reside?
I'm talking about forgetting my main password to access my machine, not some other password, once I'm in the box. None of the above are any use for that.

And no, keeping it on some other device (phone/tablet) would be considered a risk to many clients.

See above...

There is KeePassDroid, which can keep the encrypted database on an Android device. There may be an iOS version as well. Also, with some decent obfuscation such as a wall of text, one can actually write the answers to the security questions on a standard size sheet of paper and store it along with lots of other papers in a desk drawer. Even if an auditor came across that one piece of paper among all the others you have in your work area, unless it was labelled Answers to security questions for company password reset it would likely escape attention.
 
Just wanted to add that if you have access to something like Keepass then you wouldn't forget your password anyway.

The situation requiring a reset presumes (in my mind anyway) that you don't have access to something like that.
 
And 2 years down the line, having never had to actually answer those questions, when you have come back from 2 weeks hols, having been forced to change your password just before leaving and have forgotten it...

I mean, honestly? I wouldn't remember what joke I'd used.

Um.
Where exactly is my KeePass supposed to reside?
I'm talking about forgetting my main password to access my machine, not some other password, once I'm in the box. None of the above are any use for that.

And no, keeping it on some other device (phone/tablet) would be considered a risk to many clients.

See above...

And of course the obligatory user whine of "I never used that question/answer" and "How do I know who I put as my best friend at School" because after all some hacker must have hacked their account and just changed the security questions and answers...
 
And of course the obligatory user whine of "I never used that question/answer" and "How do I know who I put as my best friend at School" because after all some hacker must have hacked their account and just changed the security questions and answers...

You see, again, I'm not actually sure who I would answer to that question from one day to the next.

I mean, it was well over 30 years ago...:)
 
No, I'm amazed that you can hand someone a 1,000 dollar laptop and they will put absolutely no effort into taking care of it. We have Doctors who go through laptops like Tic-Tacs. I mean they pay for them so I don't care, but it's just weird.
 
Why is numlock problematic?

If you have a laptop without a separate number pad, oftentimes "NUMLOCK" will cause some of your regular QWERTY keys to be used instead, so a user might accidentally turn on NUMLOCK and wind up typing "The Quick Brown Dog" and it comes out "Th4 Qui8k Br7wn D1g" or something like that. Doubly annoying if you're typing in a password with no visual feedback.
 
If you have a laptop without a separate number pad, oftentimes "NUMLOCK" will cause some of your regular QWERTY keys to be used instead, so a user might accidentally turn on NUMLOCK and wind up typing "The Quick Brown Dog" and it comes out "Th4 Qui8k Br7wn D1g" or something like that. Doubly annoying if you're typing in a password with no visual feedback.

On a normal keyboard my 'favourite' was the Insert key; at least Num Lock normally has an LED.
"I'm trying to type and it's deleting the writing" :(
 
If you have a laptop without a separate number pad, oftentimes "NUMLOCK" will cause some of your regular QWERTY keys to be used instead, so a user might accidentally turn on NUMLOCK and wind up typing "The Quick Brown Dog" and it comes out "Th4 Qui8k Br7wn D1g" or something like that. Doubly annoying if you're typing in a password with no visual feedback.
The worst part of it is that the laptops are usually used docked, with an external keyboard and mouse. The external keyboard does have a numeric keypad, so it's useful to have NumLock on so that you can use it. Then when you undock the laptop, NumLock remains on and people start getting their passwords wrong.
 
On a normal keyboard my 'favourite' was the Insert key; at least Num Lock normally has an LED.
"I'm trying to type and it's deleting the writing" :(

Oh I so hate that the Insert key doesn't have an indicator light.

Yup. I did that just today. It always takes me a moment to realize it and then I have to figure out what got deleted.

NumLock isn't a problem. I mostly use a laptop with an external keyboard. Both have separate keypads. The other laptop doesn't have a numlock key or the keypad on the letters. It also doesn't have a removable media drive, enough USB's, or an ethernet port. But hey, it's thin and supposedly light. And wider and deeper than the one with the keypad.
 