Reply to: Too many password changes

I used to lock mine in my desk overnight, but of course it didn't double up as a pass to let you into the building. Apparently you could still get to the desktop and other apps as long as you remembered their passwords, which would probably hinder you.

Apparently they have special cards you can borrow, I'm not too sure how they work but I know they let you log on to the systems but they're restricted in some ways.

KeePass Password Safe

Waits for someone to point out a security hole in KeePass...

That sounds neat. What do you do if you get to work and realise you have left your card at home?

I've never lost my ass.

KeePass

Yes! They had a SSO at my last clientco; it was not exactly brilliant because the password resest had to be requested from America and then carried out by Mr Bob Shawadiwadi in Bangalore who only reset the password for a single application at a time 'yes, this is being in accordance with single sign on policy conforming'.

I wish id thought of that when I left permiehood.

I have a combined fingerprint and face recognition system.

I've listened to lots advice and my password is.....

difficultToRemember

Yep our ones do that as well and best of all they work on both Windows and Linux (my desktop is Ubuntu and was previously Redhat.) Also the smartcards are also used to pay in the canteen or shop or machines, you just load it up as you go and they work on the security system letting you into the building and rooms depending on the access level and are also used for clocking in! They do everything except wipe your bum in the toilet.

The full cartoon

He did indeed miss the point of the CORRECT HORSE BATTERY STAPLE cartoon he linked to. The cynic in me says that someone somewhere out there will indeed be using a mixed-case-with-numbers-and punctuation version of that such as Correct-h0rse,battery&staple

The ability to create Rainbow tables has also increased with the ability to use GPUs to process this sort of stuff in the background. Earlier this year I read of some hackers/crackers conference where the article was claiming that the majority of the audience were probably running some password cracking software in the background on their laptops while they were busy taking notes, twittering and so on.

Both the good guys and the bad guys have already thought of that one.

Visualizing Keyboard Pattern Passwords


The best clientco password system I used had a password protected smartcard for your desktop on which the usernames and passwords for internet access, help desk app, timesheet app, department server etc were stored, and automatic logins were done in those apps. One really nice feature of that system was you could use your smartcard to log onto almost any other PC in the company (e.g. in training and demo rooms), it would download your authorised apps and your desktop settings, and you were all set to go.

Oh yes, when you left your desk to grab a cup of coffee you whipped the smartcard out of the reader, and the screensaver would automatically kick in.

Unfortunately with it being a windows based thing, the SSO functionality didn't include non-Windows servers or desktops, but that was a decade ago.

No-one ever heard of SSO (single sign-on?) If I forget any I just ring up the security guy and he resets it for me. the only problem is that it is so difficult trying to think of a new password as the various systems remember your last few and you get messages saying that it is too similar to the old ones. For logging on to my desktop I have a smartcard and I'll not forget that one, then on my desktop I use a virtual Post-It note with all systems and passwords.