Mainframe password management

  • Mainframe password management

    I had an email conversation with our head of Bookkeeping this morning. It started with him sending me a quick email telling me my password had expired on the mainframe interface, which has a stylized name in the form of Nterface. It's a stupid name so they can copyright it, I guess.

    I go into Nterface. I don't see anything telling me my password has expired. I dig through some menus and finally find Notifications, which includes a notification that my password has expired. I relay this to Bookkeeper. He says it should pop up in the lower right corner of the screen when I open the software, but only stay for a few seconds. So I try closing and re-opening the software. Nothing. He says it only shows the first time you open Nterface for the day. I'm too busy doing other things first thing in the morning while waiting for the software to load to watch my screen for a popup that's going to disappear without me clicking on it!

    I go to change my password. There's no information about password complexity. I try a password, and luckily it works. I know from past experience that if your password isn't long enough or complex enough, it will give you an error code, but won't tell you what that code means or how to find out.

    I asked Bookkeeper if there's somewhere I can submit a suggestion about these things, but he brushed it aside. It seems like no one cares about the user experience.
    "I look at the stars. It's a clear night and the Milky Way seems so near. That's where I'll be going soon. "We are all star stuff." I suddenly remember Delenn's line from Joe's script. Not a bad prospect. I am not afraid. In the meantime, let me close my eyes and sense the beauty around me. And take that breath under the dark sky full of stars. Breathe in. Breathe out. That's all."
    -Mira Furlan

  • #2
    Funnily enough, Ghel, a lot of companies think that passwords with symbols, etc. in them are "better" security-wise. But that isn't always the case.

    If you have a phrase that's easy for you to remember, but hard for someone else to guess (like the common example "purplemonkeydishwasher"), that's actually MORE secure than something like A1$fgG0O2 (I just made that up, by the way), especially if you add "special characters" to the phrase (like purplem0nkeyd1shw@sher).

    See this XKCD:

    https://xkcd.com/936/
    Skilled programmers aren't cheap. Cheap programmers aren't skilled.



    • #3
      There's always an XKCD...
      "There are two novels that can change a bookish fourteen-year-old's life: The Lord of the Rings and Atlas Shrugged.
      One is a childish fantasy that often engenders a lifelong obsession with its unbelievable heroes, leading to an emotionally stunted, socially crippled adulthood, unable to deal with the real world.
      The other, of course, involves orcs." -- John Rogers



      • #4
        Yes, all that. Additionally, if they make us change our password every 30 to 90 days, it forces us to write it down or risk forgetting it. And every one of the 2 dozen or so applications and websites that we use regularly has different password requirements and schedules for changing them.



        • #5
          My company changed their intranet password policy just as a number of people's passwords expired (they probably expired the passwords on purpose)...unknown to anyone at the time, the new policy forbids any given character string that was used in the past 7 passwords. Upon trying to change a password, the error message kicked back was "password does not conform to policy" with no indication the policy had changed. So a password that was fine under the old policy suddenly wasn't. I figured this out by writing down each attempted password reset until a pattern emerged...luckily they didn't limit change attempts the day this hit. I then spent a good hour or so helping everyone who hadn't figured it out (and trying to explain why they could no longer do what they'd been doing).

          Of course now that we sussed this one out, the next policy change will use not only password history but also disallow any iteration of a given string...
          Last edited by Dreamstalker; 07-07-2023, 01:16 AM.
          "I am quite confident that I do exist."
          "Excuse me, I'm making perfect sense. You're just not keeping up." The Doctor

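The complaints in the first post (an error code with no explanation) and in #5 (an opaque "password does not conform to policy" after a silent rule change) come down to one design choice: a password-change check should report which rule failed. The script below is an added illustration, not code from the thread or from any product mentioned in it. It assumes a 12-character minimum, a 7-deep history, and PBKDF2 as the hash; the history check is an exact match against salted digests, which is the only kind of history check a server can do without keeping old passwords in a recoverable form. A rule that rejects any substring of a previous password, as #5 describes, cannot be evaluated against salted hashes at all, so such a policy implies the old passwords are stored in a form the server can read back.

```python
import hashlib
import hmac
import os

# Constructed example: a password-change check that names the failing rule
# instead of returning an opaque "does not conform to policy" error.
MIN_LENGTH = 12          # assumed minimum length
HISTORY_DEPTH = 7        # assumed: reuse of any of the last 7 passwords is rejected
PBKDF2_ROUNDS = 50_000   # assumed work factor for the illustration


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-SHA256 digest (a real deployment would pick a memory-hard KDF)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def history_entry(password: str) -> tuple[bytes, bytes]:
    """What the server keeps for each past password: a fresh salt and the digest."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def reused_in_history(candidate: str, history: list[tuple[bytes, bytes]]) -> bool:
    """Exact-match comparison against the last HISTORY_DEPTH salted digests."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(candidate, salt), digest):
            return True
    return False


def check_new_password(candidate: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return every reason the candidate is rejected; an empty list means accepted."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append(f"must be at least {MIN_LENGTH} characters (yours has {len(candidate)})")
    if reused_in_history(candidate, history):
        reasons.append(f"matches one of your previous {HISTORY_DEPTH} passwords")
    return reasons


if __name__ == "__main__":
    # Constructed history of two earlier passwords for one account.
    past = [history_entry(p) for p in ("Winter-2022-Login", "Spring-2023-Login")]
    for attempt in ("Spring-2023-Login", "short", "CasaBonitaComputadoraUno"):
        verdict = check_new_password(attempt, past)
        print(attempt, "->", "accepted" if not verdict else "; ".join(verdict))
```

Every rejection reason is a complete sentence the user can act on, and the rules live in named constants so a policy change can be announced with the same text the checker uses.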


          • #6
            I was thinking of the XKCD on that one even before I saw the link. My question is, why is a multi-word pass like that generally more secure than a gibberish-with-symbols pass of the same length, at least in theory? I'm honestly curious.
            "For a musician, the SNES sound engine is like using Crayola Crayons. Nobuo Uematsu used Crayola Crayons to paint the Sistine Chapel." - Jeremy Jahns (re: "Dancing Mad")
            "The difference between an amateur and a master is that the master has failed way more times." - JoCat
            "Thinking is difficult, therefore let the herd pronounce judgment!" ~ Carl Jung
            "There's burning bridges, and then there's the lake just to fill it with gasoline." - Wiccy, reddit
            "Retail is a cruel master, and could very well be the most educational time of many people's lives, in its own twisted way." - me
            "Love keeps her in the air when she oughta fall down...tell you she's hurtin' 'fore she keens...makes her a home." - Capt. Malcolm Reynolds, "Serenity" (2005)
            Acts of Gord – Read it, Learn it, Love it!
            "Our psychic powers only work if the customer has a mind to read." - me



            • #7
              I'm not sure either is any more secure than the other in systems with a "3 strikes and you're out" policy. The XKCD comic seems to be about brute-force hacking a password, which you can't do if the account is locked out for too many incorrect guesses.



              • #8
                It's no more secure than a gibberish password of equal length, but it is easier to remember than a gibberish one of half the length, and you can make them as long as the policy allows (I joined a site this week with a 12-character minimum on the passwords, but I've seen others with a similar maximum).

                Using symbols for letters isn't much more secure in those situations; it might add a couple of permutations, but it's better to add them before/between/after words to alter the length and complexity of the password. Using "l33t sp34k" is expected in many password cracking dictionaries, so they'll search for those alternatives by default. If you are using the multi-word method, make sure it's a nonsense sequence of words, not a sentence, because many obvious quotes also crop up in those dictionaries.
                This was one of those times where my mouth says "have a nice day" but my brain says "go step on a Lego". - RegisterAce
                I can't make something magically appear to fulfill all your hopes and dreams. Believe me, if I could I'd be the first person I'd help. - Trixie



                • #9
                  I'm sure I've mentioned this before, but our intranet PW policies--in addition to having a few 'rules' that are antithetical to good password policy in general--are far more stringent than the actual system passwords. The latter are basically a stellar example of Never Do This(tm)...fairly simple to guess and predict future changes, and it's standardized to the point where anyone in any store could access a computer in any other store (register logins are more secure!). Some individual programs still require 'unique' passwords, but I've already guessed a few of those...



                  • #10
                    Quoth EricKei:
                    I was thinking of the XKCD on that one even before I saw the link. My question is, why is a multi-word pass like that generally more secure than a gibberish-with-symbols pass of the same length, at least in theory? I'm honestly curious.
                    If they're the same length, they would both have the same entropy and the same possible complexity.

                    What's easier to remember?

                    This: r~=0M:u4Z%]#E*XfNnNh,)
                    or this: purplemonkeydishwasher

                    They're both 22 characters long. And they both have (in theory) the same possible permutations because they're both 22 characters long.

                    However, because of the length, one is harder to remember than the other.

                    But even if you cut the more random one in half, r~=0M:u4Z%]

                    It's still easier to remember purplemonkeydishwasher.

                    So let's say you have two computers at your house.

                    You want to make them secure, and you want the password to be easy to remember but hard for someone to guess. So you might pick for your password something like CasaBonitaComputadoraUno for your main computer. Easy to remember, right? It's also 24 characters long.

                    And let's say for your other computer (let's assume it's a laptop) you want to give it a long password also. You might give it something like MarioLuigiPeachToadLinux

                    Again, you can memorize that, but it would be hard to guess, as it's also 24 characters long.
                    Last edited by mjr; 07-11-2023, 03:37 PM.

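Posts #6, #8 and #10 circle the question the XKCD comic is actually about: the strength of a password is set by the process that generated it (and therefore by the search space an attacker has to cover), not by its character count. The script below is an added illustration and is not code from the thread. It scores the thread's own two 22-character strings under different generation models; the alphabet size, the 7776-word list (a Diceware-sized list), the 10-million-entry cracking dictionary and the guess rate are assumptions for the illustration, not measurements.

```python
import math

# Constructed example: entropy is a property of how a password was generated,
# not of its visible length. All model sizes below are assumptions.
PRINTABLE_ASCII = 95              # printable ASCII characters, space through '~'
DICEWARE_WORDS = 7776             # a Diceware-sized wordlist (6**5 entries)
CRACKING_DICTIONARY = 10_000_000  # assumed size of an attacker's phrase/word dictionary


def bits_random_chars(length: int, alphabet_size: int = PRINTABLE_ASCII) -> float:
    """Bits of entropy for `length` characters drawn uniformly from an alphabet."""
    return length * math.log2(alphabet_size)


def bits_word_sequence(num_words: int, wordlist_size: int = DICEWARE_WORDS) -> float:
    """Bits of entropy for `num_words` words drawn uniformly from a wordlist."""
    return num_words * math.log2(wordlist_size)


def bits_leet_variant(wordlist_size: int, substitutable_letters: int) -> float:
    """One dictionary word where each of `substitutable_letters` may be swapped
    for a digit or symbol (o->0, s->$, ...). Each optional swap is worth at
    most one bit, which is why l33t-speak adds so little: cracking tools apply
    the same substitution rules to every word in the list."""
    return math.log2(wordlist_size) + substitutable_letters


def bits_dictionary_entry(dictionary_size: int = CRACKING_DICTIONARY) -> float:
    """A phrase that already sits in a cracking dictionary as a single entry
    (a famous quote, a well-known example) is one guess out of that list."""
    return math.log2(dictionary_size)


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time for an offline attacker to try every possibility."""
    return 2 ** bits / guesses_per_second


def compare_examples() -> dict:
    """The thread's two 22-character strings, scored by generation model."""
    gibberish = "r~=0M:u4Z%]#E*XfNnNh,)"            # 22 random printable characters
    words = ["purple", "monkey", "dishwasher"]      # 22 characters, three common words
    assert len(gibberish) == len("".join(words)) == 22
    return {
        "random_22_chars": bits_random_chars(len(gibberish)),
        "three_random_words_7776": bits_word_sequence(len(words)),
        "three_random_words_2048": bits_word_sequence(len(words), 2048),
        "one_word_leet_3_swaps": bits_leet_variant(200_000, 3),
        "known_phrase_in_dictionary": bits_dictionary_entry(),
    }


if __name__ == "__main__":
    rate = 1e10  # assumed offline guess rate against a fast, unsalted hash
    for name, bits in compare_examples().items():
        years = seconds_to_exhaust(bits, rate) / 31_557_600
        print(f"{name:28s} {bits:6.1f} bits  ~{years:.3g} years to exhaust")
```

Two points fall out of the numbers. The random 22-character string is far stronger than three random dictionary words of the same length, so equal length does not mean equal entropy; and a phrase that is already a known example (or a quote, as #8 warns) drops to the entropy of a single dictionary entry regardless of its length. The passphrase argument is about memorability per bit: four or five words from a wordlist give a password people can retain, whereas the gibberish string gets written on a sticky note.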


                    • #11
                      My job has been increasing the complexity requirements for passwords, and it's getting to the point where it's impossible to remember them. And what do people do if they can't remember something? Write it down, of course. Which is exactly what they tell you not to do. I've heard that your passwords should be "easy to remember but hard to guess." I guess my job only heard the second part.

                      A few months ago, I got an email telling me my password was about to expire and that I needed to change it. Looking back now, I probably shouldn't have done it on a Friday. When I went to log in on Monday, I couldn't remember what I changed my password to. Obviously, that part was on me. So I had to get it reset, and then come up with a new password. It took me several attempts, because everything I came up with supposedly didn't meet requirements. Eventually, I came up with one and I was in... for one day. When I tried to log in the next day, it wasn't accepting my password that I had used without a problem the day before. So I had to get it reset again, and waste a good 20 minutes coming up with one that it would accept. Interestingly enough, I tried using the one that it was supposed to be, but it told me that I had just used that password. So it wasn't the correct password when I tried to log in, but it was my previous password when I tried to use it.
                      Sometimes life is altered.
                      Break from the ropes your hands are tied.
                      Uneasy with confrontation.
                      Won't turn out right. Can't turn out right.

