Dear Users... (A thread for Sysadmin, Technical Support, and Help Desk people)

[Blue Mountain]

That’s not going to work.

If you can’t access your password manager for the actual password you can’t use it to get your security question answers!

There's some logic in your reply, but that's not the only reason for security questions. Many secure web sites drop a cookie that says, in effect, "this user has visited before and has passed the relevant security checks." Problem is I do most of my browsing in private/stealth mode, so the cookie disappears after I log out and close the browser. So I get hit with a security challenge every time I visit the site.

In addition, because I use a password manager, I long ago gave up using memorable passwords on most sites—especially important ones like financial institutions. I need my password manager just to be able to log into them.

 

[malbui]

Where are we on data transmission speeds for that kind of volume? It seems like it was not so long ago that it was proven that transporting a certain mass of data physically could outpace an electronic transfer if it was of enough size.

I had that as an exercise as a CS postgrad thirty years ago. Never underestimate the bandwidth of an estate car full of backup media.

 

[quadraginta]

Where are we on data transmission speeds for that kind of volume? It seems like it was not so long ago that it was proven that transporting a certain mass of data physically could outpace an electronic transfer if it was of enough size.

I had that as an exercise as a CS postgrad thirty years ago. Never underestimate the bandwidth of an estate car full of backup media.

I remember that as "a 747 full of floppy disks", but the sentiment is the same.

I think this will always be the case, at least in a trivially true sense, since storage capacity tends to rise at a rate at least comparable to bandwidth improvements.

But, considering JoeMorgue's example, why is it necessary to only do the back-up once a week? Why not have incremental back-ups being done continually via cloud? A weekly full back-up to a hard drive could still be managed, but it wouldn't be time-critical, just another layer of redundancy.

This may have been the point he was making.

 

[zooterkin]

A delivery boy on a bicycle with a basket of 9 track tapes is the one I remember.

 

[Blue Mountain]

Relevant RFC

IP Over Avian Carrier with Quality of Service

 

[arthwollipot]

Ctrl-C Alt-Tab Ctrl-V Tab Tab Alt-Tab Right-Arrow Ctrl-C Alt-Tab Ctrl-V Tab Tab Alt-Tab Down-Arrow Left-Arrow

Repeat x28 times.

 

[rdaneel]

Ctrl-C Alt-Tab Ctrl-V Tab Tab Alt-Tab Right-Arrow Ctrl-C Alt-Tab Ctrl-V Tab Tab Alt-Tab Down-Arrow Left-Arrow

Repeat x28 times.

Will that unlock special powers?

 

[arthwollipot]

Will that unlock special powers?

No, but it will configure your EA's speed dials.

 

[catsmate]

Most security questions suck. They frequently seem geared towards people who never, ever moved in their entire lives. "What school did you go to?" and "what street did you grow up on?" are meaningless to people like me who lived in ten different places between the ages of 3 and 18. I'm eternally stuck just making up answers and writing them down along with the password because whoever writes the damn security questions has no imagination.

I was about to sign up for one financial companies online services when I realized that all the listed security questions I was offered were almost public record or that more than one person would know. I went elsewhere.

You do know there's no reason to give an accurate "answer" to these questions?
Try '69 Letsby Avenue, Narnia'.

 

[catsmate]

Problem is that you will never remember those answers past next week.

Then note them down, in a free cryptic format.
Use a number you'll remember, <noun> street and a fictional state/province et cetera and (if needed) the first country in the list beginning with C/I/K et cetera.

 

[catsmate]

I’ve had people have an existential crisis in front of me trying to get their Apple ID back over questions they answered with the “real” answer questions like “Your best friend at school?” Or “The name of your favourite teacher?”

As have I. Now imagine trying to recall the imaginary answers you made up to real questions.

Fascinating. Perhaps it's just me bit I don't forget these things. But then I started using a fake (but valid) address in Kazakhstan back when this crap started in the nineties.

 

[catsmate]

Where are we on data transmission speeds for that kind of volume? It seems like it was not so long ago that it was proven that transporting a certain mass of data physically could outpace an electronic transfer if it was of enough size.

Unless you have a multi-gigabit connection 40TB will take more than three days to move.
Also the 'disk' will have to be a RAID box of some sort as there are no single-drive 40TB hard drives, though there are pluggable SSD units of that size and larger.

 

[catsmate]

Ctrl-C Alt-Tab Ctrl-V Tab Tab Alt-Tab Right-Arrow Ctrl-C Alt-Tab Ctrl-V Tab Tab Alt-Tab Down-Arrow Left-Arrow

Repeat x28 times.

No. I'd use an automation tool.

 

[Wudang]

You do know there's no reason to give an accurate "answer" to these questions?
Try '69 Letsby Avenue, Narnia'.

I guess my previous reply was unclear. The fact that their security team had not looked at those questions and thought they would be too easy for someone else to know or alternatively they had and had not been listened to, implied strongly to me that security was not high on that company’s list of priorities.

 

[catsmate]

I guess my previous reply was unclear. The fact that their security team had not looked at those questions and thought they would be too easy for someone else to know or alternatively they had and had not been listened to, implied strongly to me that security was not high on that company’s list of priorities.

Ahh, right. My mistake.And I agree.

 

[JoeMorgue]

But, considering JoeMorgue's example, why is it necessary to only do the back-up once a week? Why not have incremental back-ups being done continually via cloud? A weekly full back-up to a hard drive could still be managed, but it wouldn't be time-critical, just another layer of redundancy.

To oversimplify it a little the full backup is done via "IP over Fedex" while the daily incrementals are done entirely online.

(There's an oversimplification to a degree as there multiple backup strategies in effect, and this particular method is also our last resort 'Ransomware' failsafe, offsite backup, and apparently serves as some kind of legal archival requirement under HPIAA. There is a local "full" (minus some specifically massive specialty files) backup as well)

I also believe on a higher up level this is not intended to be a long term solution, but a stop gap until a bigger data pipeline can be negotiated.

 

[JoeMorgue]

Unless you have a multi-gigabit connection 40TB will take more than three days to move.
Also the 'disk' will have to be a RAID box of some sort as there are no single-drive 40TB hard drives, though there are pluggable SSD units of that size and larger.

It's a box about the size of a large toaster or so with 4 removable hard drives, in (I'm assuming) some sort of RAID array for speed and redundancy. It has a USB 3.0 connection which we've never used and an Ethernet port which we do use.

 

[TragicMonkey]

Brilliance in scheduling: today the company sent out its much-touted Very Important internal employee survey, on the topic of the business and how to improve the business and everyone must participate and it's very important. The survey email is from a third party independent firm, and contains a link which is the only way we're supposed to access the survey so we can be tracked and nobody can take the survey multiple times.

Today also marks the start of our aggressive security testing, during which we've been told we'll be receiving fake phishing emails attempting to lure us into clicking on links and doing bad things, for which we'll receive re-education courses and similar punishment.

Hmmmm. Who wants to gamble? Was this just a stupid scheduling oversight, or is somebody being tricksy? The survey people get dinged if we don't participate enough, and I imagine the security people want to generate as many successful lures as they can to justify their increasing budget requests.

 

[JoeMorgue]

I actually legit wonder how paranoid it would be to consider that intentional.

I can't remember enough details to Google it but I specifically remember a big company pulling something like that during a COVID peak, sending out "fishing" tests and actual "how to get financial help" e-mails at the same time or something similar.

 

[JoeMorgue]

I'm currently sitting in a cubicle doing a software install.

The person in the cubicle next to me is on her speaker phone.

She's talking to the person who's two cubicles up from the row we are both in. The other person is also on her speaker phone.

I'M SOMEHOW HEARING FOUR SIDES OF A TWO SIDED CONVERSATION!