|
Che Delilas posted: The solution to this is a temporary lockout after a number of failed attempts, not client-side javascript. Client side javascript is the most powerful of all the bank's various security measures. How dare you try to undermine the security engineer! That's entrapment! You're fired!
|
# ? Feb 11, 2015 01:53 |
|
Having to whitelist several layers of scripts to use a business's site is an immediate red flag for me, as well.
|
|
# ? Feb 11, 2015 02:06 |
|
deimos posted: What convinced me Lastpass was great: Their response to heartbleed was to give you the list of your passwords on sites that were vulnerable to it, the last time you updated your password and when they stopped being vulnerable to heartbleed (and a convenient "should you change your password yes/no/maybe" column). I thought that was pretty neat. 1Password does the same thing and it's a really neat feature. It puts a red band on the entry you select that says you should change your password and links to the advisory. They've also started flagging sites that have disclosed breaches. I'd like to see it evolve more and present an alert or list a summary of potentially compromised user IDs. I also think this will become a standard feature of all password managers.
|
# ? Feb 11, 2015 02:21 |
|
mattfl posted:He's your new CTO or IT Director isn't he???
|
# ? Feb 11, 2015 02:21 |
|
Lastpass also now has auto-changing of passwords too. You log into your vault and find a site that they support (I know amazon is one, I haven't seen a full list) and it opens the site, logs you in, goes to change password, changes it and saves the new password. Pretty nice.
|
# ? Feb 11, 2015 04:13 |
|
Not to derail this too much, but since we're on the topic of LastPass I'm curious if anyone else is running into a problem I'm having. I've been using it for a month or so, completely awesome, two-factor auth set up and all that. Let's say I want to log on to Amazon.com (and my browser hasn't authenticated into LastPass yet). I go to the Amazon password field and then go to auth to LastPass. I type in my Master Password and I get the two-factor auth popup. At the same time...it fills my password into the Amazon form. Didn't need to complete the two-factor auth process. So uhh..that's really lovely? I have to be doing something wrong here. I can probably uncheck "Automatically Fill Login Information" but that can't be default behavior. Okay thanks, back to gently caress PRINTERS. Edit: Googled right away, answered my own question. Relevant link: https://lastpass.com/support.php?cmd=showfaq&id=2775
|
# ? Feb 11, 2015 06:10 |
|
Super Slash posted:
I get this except they're never joking. 27" monitor on a lovely arm. It all weighs a ton.
|
# ? Feb 11, 2015 08:06 |
|
spiny posted:
Ooh Ooh I got this one! He lied and bullshitted his way from resume to post interview and then it turned out being in charge of IT at a large tech-focused company isn't a position you can bluster your way through. Don't worry though, he's making 6 figures as the head of something somewhere else now.
|
# ? Feb 11, 2015 16:05 |
|
A call came in... "I got a new computer and my password doesn't work. I can't get in" ok. I remote in, log in as an admin, reset their password with them (this is a teacher, and they have local accounts on their systems). Then, I proceed to witness them attempt to log in. After typing her credentials, she proceeds to press the "restart" button .. because that's how you log in, right?
|
# ? Feb 11, 2015 16:09 |
|
Nerdrock posted: A call came in...

You know you can turn that off so they do not see the shutdown/restart buttons until they are logged in. This is for Win 7 but you can do the same thing on XP too.
|
# ? Feb 11, 2015 16:44 |
|
Trastion posted: You know you can turn that off so they do not see the shutdown/restart buttons until they are logged in.

gently caress that, it's not that hard to not click restart.
|
# ? Feb 11, 2015 16:46 |
|
Trastion posted: You know you can turn that off so they do not see the shutdown/restart buttons until they are logged in.

Indeed I do. Although, this is on a mac. It can be changed on macs as well... but... no.
|
# ? Feb 11, 2015 16:50 |
|
Nerdrock posted:A call came in...
|
# ? Feb 11, 2015 17:15 |
|
I can't tell you how many people I watched during our Windows 7 transition type in their username, password, then click "Switch User". Microsoft really should have made that arrow button say Login or Go or something. With no text it just kind of blends into the landscape. Of course the correct way to log in is to not take your hands off the keyboard at all and just press enter, but some people just love that mouse.
|
# ? Feb 11, 2015 21:27 |
|
Knormal posted: I can't tell you how many people I watched during our Windows 7 transition type in their username, password, then click "Switch User". Microsoft really should have made that arrow button say Login or Go or something. With no text it just kind of blends into the landscape.

I have had the same experience. I watched a woman do it 3 times after I told her "Type in your username and password, then do nothing" so I could show her where to click. Nope, went straight to the Switch User button.
|
# ? Feb 11, 2015 21:39 |
Inspector_666 posted: I have had the same experience. I watched a woman do it 3 times after I told her "Type in your username and password, then do nothing" so I could show her where to click. Nope, went straight to the Switch User button.

Did you tell her explicitly to "not click the Switch User button, it does not do what you think it does"?
|
|
# ? Feb 11, 2015 21:45 |
|
Switch user means the tech is supposed to hit the user with an actual switch.
|
# ? Feb 11, 2015 21:49 |
|
Every time I log into someone's computer with my administrator account (named something like XXX-administrator) I'll get a call telling me that they can't log in because it's locked by the administrator. Or if they ever switch desks or something, they tell me the previous person isn't letting them log in. They should have had the username field writable from the beginning, just like Windows XP did. The switch user button is just incomprehensible to so many people. At that, I wish the switch user function was disabled altogether. We have so many shared computers here that will end up with 7 or 8 active log-in sessions because people can't log off properly, or they just lock and leave it forever. Added with the fact our computers are literally other people's garbage, they start acting like poo poo with that many resources used.
|
# ? Feb 11, 2015 21:51 |
|
nielsm posted: Did you tell her explicitly to "not click the Switch User button, it does not do what you think it does"?

I told her not to touch the mouse. Anything more granular than that seemed to be lost. But apparently even that command was too complex.

Orcs and Ostriches posted: Every time I log into someone's computer with my administrator account (named something like XXX-administrator) I'll get a call telling me that they can't log in because it's locked by the administrator. Or if they ever switch desks or something, they tell me the previous person isn't letting them log in.

You can disable the Switch User button on the lock screen via a GPO, and you can get rid of the start menu option the same way.
|
# ? Feb 11, 2015 21:52 |
|
Orcs and Ostriches posted: Every time I log into someone's computer with my administrator account (named something like XXX-administrator) I'll get a call telling me that they can't log in because it's locked by the administrator. Or if they ever switch desks or something, they tell me the previous person isn't letting them log in.

Can't you disable the fast switching with group policy or something?

Garrand fucked around with this message at 21:59 on Feb 11, 2015
# ? Feb 11, 2015 21:55 |
|
Super Slash posted: New starter; set up machine and cabling under the desk, fit the desk arm and mount monitor, perfect. Existing user, new monitor, wants it wall-mounted with an arm "Mount the monitor over here so it's got room to swing under the cabinet, that works!" *drill holes, mount arm, set up monitor, user is ecstatic* <two weeks later> "Hey Ozz, remember that monitor I had you mount in my office? I need it moved 2 offices down since I'll be sitting there now. We just got informed today of the move" *drive back on site to pull the wall mount, drill new spots in the new office & re-mount everything again*
|
# ? Feb 11, 2015 22:01 |
|
Does anybody have a neat trick to mask the disappointment in your voice when the user does something stupid?
|
# ? Feb 11, 2015 22:08 |
|
Inspector_666 posted: You can disable the Switch User button on the lock screen via a GPO, and you can get rid of the start menu option the same way.

Garrand posted: Can't you disable the fast switching with group policy or something?

I had that disabled for a while, but with no way to kick logged-in users off, most of the shared computers became unusable very quickly. What I'd really want is a function that forces a log off if the screen locks, so that a computer couldn't be left unused with someone logged in.
|
# ? Feb 11, 2015 22:10 |
|
ElGroucho posted:Does anybody have a neat trick to mask the disappointment in your voice when the user does something stupid?
|
# ? Feb 11, 2015 22:13 |
Orcs and Ostriches posted: I had that disabled for a while, but with no way to kick logged-in users off, most of the shared computers became unusable very quickly. What I'd really want is a function that forces a log off if the screen locks, so that a computer couldn't be left unused with someone logged in.

Telling people to pull the power cord/hold down the power button for 10 seconds is standard practice where I am.
|
|
# ? Feb 11, 2015 22:15 |
|
Orcs and Ostriches posted: I had that disabled for a while, but with no way to kick logged-in users off, most of the shared computers became unusable very quickly. What I'd really want is a function that forces a log off if the screen locks, so that a computer couldn't be left unused with someone logged in.

Just set an event to reboot the computer every 15 minutes
|
# ? Feb 11, 2015 22:15 |
|
no he said neat
|
# ? Feb 11, 2015 22:16 |
But I've had someone who clicked the "How do I log on to a different domain?" link below the password box, and wondering why she wasn't getting in. But she did read aloud the message it then showed.
|
|
# ? Feb 11, 2015 22:18 |
|
skooma512 posted: HOLY poo poo MIDTOWN MADNESS 2 AND HALF OF A MECHWARRIOR GAME.

I still remember my first foray into "cracking" with my dad - bought the shareware version of the original Quake game for $9 at Sam's Club and of course it prompted you to call to activate when you finished the first level. Dad found some little cracking program online, unzipped, entered whatever special code the phone person was supposed to give, and I got the full game in a few minutes. I remember thinking he was a goddamn wizard for doing that at the time, now I end up showing him more stuff for getting around security than he could ever know what to do with.
|
# ? Feb 11, 2015 22:23 |
|
nielsm posted: But I've had someone who clicked the "How do I log on to a different domain?" link below the password box, and wondering why she wasn't getting in. But she did read aloud the message it then showed.

You know how "in one ear, out the other" is a thing? Some users seem to have taken that to a new level, where all of their senses and motor control functions are somehow wired together and yet completely bypass any sort of cognitive processing center.
|
# ? Feb 11, 2015 22:24 |
|
Ozz81 posted: I still remember my first foray into "cracking" with my dad - bought the shareware version of the original Quake game for $9 at Sam's Club and of course it prompted you to call to activate when you finished the first level. Dad found some little cracking program online, unzipped, entered whatever special code the phone person was supposed to give, and I got the full game in a few minutes. I remember thinking he was a goddamn wizard for doing that at the time, now I end up showing him more stuff for getting around security than he could ever know what to do with.

I remember this, I used to have a Quake demo CD that also included demos for every other game Id software produced. All of them were locked with the same method, where it gave you a code, you called up and gave someone money, and they gave you an unlock code. The day I found out what the term "keygen" meant it loving blew my 14 year old mind.
|
# ? Feb 11, 2015 22:30 |
|
Orcs and Ostriches posted: I had that disabled for a while, but with no way to kick logged-in users off, most of the shared computers became unusable very quickly. What I'd really want is a function that forces a log off if the screen locks, so that a computer couldn't be left unused with someone logged in.

Well, depending on how badly you want that to happen there is a....sort of solution. Microsoft released a winexit.scr for windows XP although it looks like it takes some adjustments to the registry to get it to work with win 7. Combined with removing the ability to lock and switch users with group policy I think that's all the possible ways for a person to mess up the computer by not being there.
|
# ? Feb 11, 2015 22:42 |
|
ElGroucho posted: Does anybody have a neat trick to mask the disappointment in your voice when the user does something stupid?

Make your default tone of voice sound like that, then they will never notice.
|
# ? Feb 12, 2015 00:34 |
|
ElGroucho posted: Does anybody have a neat trick to mask the disappointment in your voice when the user does something stupid?

Think of it as the beginning of a magical adventure into the realm of stupidity, and wonder if this trip will bring you further than you've ever gone before. Then, or
|
# ? Feb 12, 2015 00:42 |
|
ElGroucho posted: Does anybody have a neat trick to mask the disappointment in your voice when the user does something stupid?

Yeah, make your voice sound like you're having an epiphany. "OHHH I see what's going on!" Disappointment in these situations usually comes with a little bit of surprise, since it's hard for us to believe a user would do something this stupid, so use that surprise to affect your tone of voice. To the user it'll just sound like you've figured out the problem. Alternatively, do the mechanic/Mythbusters thing. "Well THERE'S yer PROBLEM."
|
# ? Feb 12, 2015 01:48 |
|
A call came in. One of our clients' administrative users who shouldn't be poking about in AD accidentally deleted a 100+ member OU. And of course, AD Recycle Bin? Not enabled. But, on the flip-side, O365 hasn't DirSync'd in 50 hours. Gonna be a long night for sure.
|
# ? Feb 12, 2015 02:13 |
|
Priss In Plate posted: A call came in.

Curious, what's your plan of attack? If you remake the OU with the same name won't it still screw stuff up?
|
# ? Feb 12, 2015 02:29 |
|
poo poo! Everyone go enable the accidental deletion checkbox right now.
|
# ? Feb 12, 2015 02:59 |
|
RE: Lastpass chat I've been researching SSO's for the past 2 weeks. While LastPass is great for personal use, it is garbage comparatively on an enterprise level. Check out Okta and OneLogin if at that level imo
|
# ? Feb 12, 2015 03:04 |
|
|
AAB posted:RE: Lastpass chat
|
# ? Feb 12, 2015 03:06 |