June 8, 2012 at 8:19 am
Stefan Krzywicki (6/8/2012)
Ugh, just found out we're switching to security that requires you to change your password every 90 days. Nice that we're switching to that now that security experts are saying that's exactly the wrong thing to do. They've only been saying that for years now, so why should we know? Infuriating! I look forward to seeing people's passwords written down on stickies on their monitors.
When essentially technical things are controlled by managers whose job it is to manage and who are not required to understand technical issues it is inevitable that stupid, damaging, and incompetent management decisions will be taken, and idiotic policies like this imposed. That's why I believe that an organisation involved in serious engineering (whether soft engineering like B I or hard enginering like designing power switching and transmission systems) that senior technical people need to accept management repsonsibilities while retaining the scope to be technical, not pure management.
Have you tackled management about the stupidity of this policy? Has the organisation no senior technical people with the management clout to get it reversed?
Tom
June 8, 2012 at 8:22 am
L' Eomot Inversé (6/8/2012)
Stefan Krzywicki (6/8/2012)
Ugh, just found out we're switching to security that requires you to change your password every 90 days. Nice that we're switching to that now that security experts are saying that's exactly the wrong thing to do. They've only been saying that for years now, so why should we know? Infuriating! I look forward to seeing people's passwords written down on stickies on their monitors.When essentially technical things are controlled by managers whose job it is to manage and who are not required to understand technical issues it is inevitable that stupid, damaging, and incompetent management decisions will be taken, and idiotic policies like this imposed. That's why I believe that an organisation involved in serious engineering (whether soft engineering like B I or hard enginering like designing power switching and transmission systems) that senior technical people need to accept management repsonsibilities while retaining the scope to be technical, not pure management.
Have you tackled management about the stupidity of this policy? Has the organisation no senior technical people with the management clout to get it reversed?
Yup and I was told it is part of PCI compliance. Government regulation will always be behind the curve. Fortunately, Gail's suggestion may help mitigate the worst parts of the policy. I've forwarded that to management as well and perhaps, if combined with some training, it'll be used. I know I'll be installing it on my machine.
--------------------------------------
When you encounter a problem, if the solution isn't readily evident go back to the start and check your assumptions.
--------------------------------------
It’s unpleasantly like being drunk.
What’s so unpleasant about being drunk?
You ask a glass of water. -- Douglas Adams
June 8, 2012 at 8:28 am
Stefan Krzywicki (6/8/2012)
GilaMonster (6/8/2012)
PasswordSafeThat is all.
I'd started using eWallet, but that isn't free. Thanks!
Watch out, there's a nasty little bug in PasswordSafe V3.26 (it may have been fixed by now, as V3.27 and V3.28 are out, but I haven't got ten round to downloading and testing a newer version yet): the "clear clip board" command doesn't clear the clip board. Of course if you never leave your computer logged in, unlocked, unattended, not even for 20 seconds, this probably doesn't matter; but it is a sharp contrast to the care with which Password Safe asks for the master key again if it has been idle for more than a very short time.
Tom
June 8, 2012 at 8:31 am
L' Eomot Inversé (6/8/2012)
Stefan Krzywicki (6/8/2012)
Ugh, just found out we're switching to security that requires you to change your password every 90 days. Nice that we're switching to that now that security experts are saying that's exactly the wrong thing to do. They've only been saying that for years now, so why should we know? Infuriating! I look forward to seeing people's passwords written down on stickies on their monitors.When essentially technical things are controlled by managers whose job it is to manage and who are not required to understand technical issues it is inevitable that stupid, damaging, and incompetent management decisions will be taken, and idiotic policies like this imposed. That's why I believe that an organisation involved in serious engineering (whether soft engineering like B I or hard enginering like designing power switching and transmission systems) that senior technical people need to accept management repsonsibilities while retaining the scope to be technical, not pure management.
Have you tackled management about the stupidity of this policy? Has the organisation no senior technical people with the management clout to get it reversed?
Ah PCI-DSS, without it you could be shut down on taking card payments, so if your business receives money on all transactions with credit cards, debit cards etc, you wont be able to take payments and the company will close. Just one of them regulations that has to be complied with, was the same as at a previous employer we has a Level 1 PCI-DSS audit as everything was card based tranaactions
June 8, 2012 at 8:31 am
L' Eomot Inversé (6/8/2012)
Stefan Krzywicki (6/8/2012)
GilaMonster (6/8/2012)
PasswordSafeThat is all.
I'd started using eWallet, but that isn't free. Thanks!
Watch out, there's a nasty little bug in PasswordSafe V3.26 (it may have been fixed by now, as V3.27 and V3.28 are out, but I haven't got ten round to downloading and testing a newer version yet): the "clear clip board" command doesn't clear the clip board. Of course if you never leave your computer logged in, unlocked, unattended, not even for 20 seconds, this probably doesn't matter; but it is a sharp contrast to the care with which Password Safe asks for the master key again if it has been idle for more than a very short time.
Over the years I've gotten into the habit of locking my computer every time I stand up from my desk.
I'll check the list of bug fixes (if I can find one) for the latest versions. Thanks for the heads-up.
--------------------------------------
When you encounter a problem, if the solution isn't readily evident go back to the start and check your assumptions.
--------------------------------------
It’s unpleasantly like being drunk.
What’s so unpleasant about being drunk?
You ask a glass of water. -- Douglas Adams
June 8, 2012 at 8:47 am
Stefan Krzywicki (6/8/2012)
L' Eomot Inversé (6/8/2012)
Stefan Krzywicki (6/8/2012)
GilaMonster (6/8/2012)
PasswordSafeThat is all.
I'd started using eWallet, but that isn't free. Thanks!
Watch out, there's a nasty little bug in PasswordSafe V3.26 (it may have been fixed by now, as V3.27 and V3.28 are out, but I haven't got ten round to downloading and testing a newer version yet): the "clear clip board" command doesn't clear the clip board. Of course if you never leave your computer logged in, unlocked, unattended, not even for 20 seconds, this probably doesn't matter; but it is a sharp contrast to the care with which Password Safe asks for the master key again if it has been idle for more than a very short time.
Over the years I've gotten into the habit of locking my computer every time I stand up from my desk.
I'll check the list of bug fixes (if I can find one) for the latest versions. Thanks for the heads-up.
I downloaded 2.28 to check it (about time I got round to it ;-)). The bug appears to have been fixed by removing the feature; of course the workaround for the feature not being there is the same as the workaroun for the feature not working: either clear the clipboard manually, or exit password safe (which does clear the clipboard) or lock your computer before leaving your desk - even in what you fondly believe to be a secure environment.
Tom
June 8, 2012 at 8:50 am
L' Eomot Inversé (6/8/2012)
Stefan Krzywicki (6/8/2012)
L' Eomot Inversé (6/8/2012)
Stefan Krzywicki (6/8/2012)
GilaMonster (6/8/2012)
PasswordSafeThat is all.
I'd started using eWallet, but that isn't free. Thanks!
Watch out, there's a nasty little bug in PasswordSafe V3.26 (it may have been fixed by now, as V3.27 and V3.28 are out, but I haven't got ten round to downloading and testing a newer version yet): the "clear clip board" command doesn't clear the clip board. Of course if you never leave your computer logged in, unlocked, unattended, not even for 20 seconds, this probably doesn't matter; but it is a sharp contrast to the care with which Password Safe asks for the master key again if it has been idle for more than a very short time.
Over the years I've gotten into the habit of locking my computer every time I stand up from my desk.
I'll check the list of bug fixes (if I can find one) for the latest versions. Thanks for the heads-up.
I downloaded 2.28 to check it (about time I got round to it ;-)). The bug appears to have been fixed by removing the feature; of course the workaround for the feature not being there is the same as the workaroun for the feature not working: either clear the clipboard manually, or exit password safe (which does clear the clipboard) or lock your computer before leaving your desk - even in what you fondly believe to be a secure environment.
I've worked places (many years ago now) where someone sent a nasty email from someone else's computer. That was enough to get me to lock my computer every time I get up from my desk, even if I'll only be away for a few seconds. It doesn't have to be worry about something being stolen to make you want to be secure.
--------------------------------------
When you encounter a problem, if the solution isn't readily evident go back to the start and check your assumptions.
--------------------------------------
It’s unpleasantly like being drunk.
What’s so unpleasant about being drunk?
You ask a glass of water. -- Douglas Adams
June 8, 2012 at 8:56 am
That's one thing I like about working from home (and my cats haven't learned to use the computer yet)
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
June 8, 2012 at 9:00 am
GilaMonster (6/8/2012)
That's one thing I like about working from home (and my cats haven't learned to use the computer yet)
That you know of!
--------------------------------------
When you encounter a problem, if the solution isn't readily evident go back to the start and check your assumptions.
--------------------------------------
It’s unpleasantly like being drunk.
What’s so unpleasant about being drunk?
You ask a glass of water. -- Douglas Adams
June 8, 2012 at 9:10 am
GilaMonster (6/8/2012)
That's one thing I like about working from home (and my cats haven't learned to use the computer yet)
You are lucky. 25 years ago my daugter's cat rubbed herself against a Mac and stepped on F2 which was a quick GEnie logon, apparently on several occassions. GEnie was then $25 per prime time hour and I was stuck with a $350 bill.
June 8, 2012 at 9:17 am
Oh I do occasionally sent cat-typed tweets, one of mine finds the keyboard a fascinating toy.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
June 8, 2012 at 9:47 am
GilaMonster (6/8/2012)
PasswordSafeThat is all.
KeePass[/url] works great for me.
Wayne
Microsoft Certified Master: SQL Server 2008
Author - SQL Server T-SQL Recipes
June 8, 2012 at 10:34 am
Stefan Krzywicki (6/8/2012)
L' Eomot Inversé (6/8/2012)
Stefan Krzywicki (6/8/2012)
L' Eomot Inversé (6/8/2012)
Stefan Krzywicki (6/8/2012)
GilaMonster (6/8/2012)
PasswordSafeThat is all.
I'd started using eWallet, but that isn't free. Thanks!
Watch out, there's a nasty little bug in PasswordSafe V3.26 (it may have been fixed by now, as V3.27 and V3.28 are out, but I haven't got ten round to downloading and testing a newer version yet): the "clear clip board" command doesn't clear the clip board. Of course if you never leave your computer logged in, unlocked, unattended, not even for 20 seconds, this probably doesn't matter; but it is a sharp contrast to the care with which Password Safe asks for the master key again if it has been idle for more than a very short time.
Over the years I've gotten into the habit of locking my computer every time I stand up from my desk.
I'll check the list of bug fixes (if I can find one) for the latest versions. Thanks for the heads-up.
I downloaded 2.28 to check it (about time I got round to it ;-)). The bug appears to have been fixed by removing the feature; of course the workaround for the feature not being there is the same as the workaroun for the feature not working: either clear the clipboard manually, or exit password safe (which does clear the clipboard) or lock your computer before leaving your desk - even in what you fondly believe to be a secure environment.
I've worked places (many years ago now) where someone sent a nasty email from someone else's computer. That was enough to get me to lock my computer every time I get up from my desk, even if I'll only be away for a few seconds. It doesn't have to be worry about something being stolen to make you want to be secure.
I lock mine too, for the same reasons. Usually it's all in good fun, but it is still annoying to fix your autocorrect, host file or figure out why your "cup holder" ejects randomly every 5 minutes. I had one coworker who paired his phone with the bluetooth on his PC so it would autolock when he left the desk.
June 8, 2012 at 10:49 am
Chad Crawford (6/8/2012)
Stefan Krzywicki (6/8/2012)
L' Eomot Inversé (6/8/2012)
Stefan Krzywicki (6/8/2012)
L' Eomot Inversé (6/8/2012)
Stefan Krzywicki (6/8/2012)
GilaMonster (6/8/2012)
PasswordSafeThat is all.
I'd started using eWallet, but that isn't free. Thanks!
Watch out, there's a nasty little bug in PasswordSafe V3.26 (it may have been fixed by now, as V3.27 and V3.28 are out, but I haven't got ten round to downloading and testing a newer version yet): the "clear clip board" command doesn't clear the clip board. Of course if you never leave your computer logged in, unlocked, unattended, not even for 20 seconds, this probably doesn't matter; but it is a sharp contrast to the care with which Password Safe asks for the master key again if it has been idle for more than a very short time.
Over the years I've gotten into the habit of locking my computer every time I stand up from my desk.
I'll check the list of bug fixes (if I can find one) for the latest versions. Thanks for the heads-up.
I downloaded 2.28 to check it (about time I got round to it ;-)). The bug appears to have been fixed by removing the feature; of course the workaround for the feature not being there is the same as the workaroun for the feature not working: either clear the clipboard manually, or exit password safe (which does clear the clipboard) or lock your computer before leaving your desk - even in what you fondly believe to be a secure environment.
I've worked places (many years ago now) where someone sent a nasty email from someone else's computer. That was enough to get me to lock my computer every time I get up from my desk, even if I'll only be away for a few seconds. It doesn't have to be worry about something being stolen to make you want to be secure.
I lock mine too, for the same reasons. Usually it's all in good fun, but it is still annoying to fix your autocorrect, host file or figure out why your "cup holder" ejects randomly every 5 minutes. I had one coworker who paired his phone with the bluetooth on his PC so it would autolock when he left the desk.
That last sounds great. Of course, that'd require me to have bluetooth on my computer. It'd likely require a computer that isn't older than bluetooth...
--------------------------------------
When you encounter a problem, if the solution isn't readily evident go back to the start and check your assumptions.
--------------------------------------
It’s unpleasantly like being drunk.
What’s so unpleasant about being drunk?
You ask a glass of water. -- Douglas Adams
June 8, 2012 at 10:59 am
I've heard mutterings about using Kinect for that. With it's facial recognition it can lock the computer when you get up, unlock when you sit down.
Would probably take a lot of work to get implemented though
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
Viewing 15 posts - 36,436 through 36,450 (of 66,712 total)
You must be logged in to reply to this topic. Login to reply