    • gjacobse

      ADUC Set Password Expiry
      IT Discussion • wfh work from home aduc password password expiry reset password expiry active directory • • gjacobse

      0 Votes • 13 Posts • 282 Views

      gjacobse

      @irj said in ADUC Set Password Expiry:

      @gjacobse said in ADUC Set Password Expiry:

      @irj said in ADUC Set Password Expiry:

      You gotta teach good culture

      Good Luck

      Sometimes people have to be inconvenienced for security

      Don't disagree - but can't stop doing business either.

      Managing all these exceptions is an operational nightmare that will create a load of technical debt.

      No lie - and no argument there. But resetting the expiry date/time doesn't seem all that different than resetting any password. Few clicks and poof.

      I can understand your point, but some responsibility for security must fall on the user. Management of course has to buy in on this and/or give full control of IT policies to a CISO/IT manager/generalist (depending on size of business).

      Again - no disagreement. Barring this - being able to set a date for the password to expire that isn't too far out of policy seems better and more ideal than some of the options.

    • scottalanmiller

      Make Simple User Passwords
      IT Discussion • security password • • scottalanmiller

      6 Votes • 16 Posts • 609 Views

      J

      I like this too, especially since I've had that graphic (the one they reference on their site) on the wall in our Lab for many years!

      @JaredBusch said in Make Simple User Passwords:

      @scottalanmiller said in Make Simple User Passwords:

      Ever need to make passwords for users and, let's face it, in the real world a lot of customers demand some pretty silly simple passwords. Using password generators often results in passwords that customers will not (and maybe cannot) use. A ridiculous situation, obviously, but it is reality. Passwords are simply difficult to often pass on to someone.

      When generating temporary passwords, having something super strong is rarely very important. But avoiding something too hard to be used is needed. But just making up something non-random or even non-unique is really bad.

      What's a compromise?

      https://www.dinopass.com/

      Yup, here is reality. Sometimes children's tools just make more sense when, well, you can draw your own conclusions.

      I use CHBS
      http://correcthorsebatterystaple.net/

    • wrx7m

      PowerShell - Off-boarding Script
      IT Discussion • powershell windows server active directory ad script scripting office 365 microsoft password password reset • • wrx7m

      1 Votes • 12 Posts • 2036 Views

      dafyre

      @wrx7m said in PowerShell - Off-boarding Script:

      @dafyre said in PowerShell - Off-boarding Script:

      @wrx7m said in PowerShell - Off-boarding Script:

      @dafyre I think I found where you got it - https://www.powershelladmin.com/wiki/Powershell_prompt_for_password_convert_securestring_to_plain_text

      Anyway, I am not sure where, in my script, I should place that function.

      You'd put the actual function at the top of your script, and then just

      $myPassword=convertFrom-SecureToPlain -securepassword $MySecurePassword

      Wherever you need the password in plain text form.

      Thanks. It mostly works. The only problem is that it isn't actually using the password I specify at the top. It is somehow generating its own and then writing it at the end. I put in

      write-host "Plain Text Says: $plainText"

      and it shows the password that I typed in for the secure variable at the beginning, followed by the one that it generated.

      Plain Text Says: $#@%4#@177 Jof91348

      Works fine for me here.... Check and make sure you don't have an extra write-host or anything somewhere.

    • JaredBusch

      WebAuthn now a standard
      News • password webauthn w3c security • • JaredBusch

      3 Votes • 20 Posts • 572 Views

      stacksofplates

      @Dashrender said in WebAuthn now a standard:

      @stacksofplates said in WebAuthn now a standard:

      @Dashrender said in WebAuthn now a standard:

      @stacksofplates said in WebAuthn now a standard:

      @scottalanmiller said in WebAuthn now a standard:

      @Dashrender said in WebAuthn now a standard:

      but how do you use a YubiKey on your phone?

      Screenshot from 2019-03-05 10-05-44.png

      That's exactly how I do it. You can also use the Yubiauth app on both the phone and Windows to hold OTP codes for stuff that doesn't support u2f.

      So there's a way to export the private key out of the YubiKey? or the sites allows for multiple public keys?

      Huh? You scan the QR code like you normally would but it stores it on the Yubikey instead. Then when you need the code you either tap it to your phone and it shows you all of the one time codes or you do it on your computer. Just like how Google authenticator works. For the u2f stuff, it works the same on Android as on your pc. The browser needs to support u2f and it does the challenge response.

      I've never used a YubiKey - I assumed the private code inside the YubiKey was there and nowhere else.

      It depends on the type of authentication.

    • DustinB3403

      Yealink Device Management Platform - Stores User Credentials in Plain-Text
      IT Discussion • yealink security blunder local on-premise security password privacy hell no ffs • • DustinB3403

      0 Votes • 15 Posts • 802 Views

      DustinB3403

      So this has been changed in their newest release 2.0.0.25 (not sure if it's publicly available), and while the credentials are no longer in plain-text there are a few things you lose the ability to do.

      Namely to tell if any given user is logged into a device, and secondly to sign in/out as a user on any given device.

      I've provided my feedback to Yealink and hope to hear back soon. Neither of the above 2 issues are deal breakers, as the bigger goal is to be able to set configuration options, screensavers, time servers etc and have the user deal with the login.

      Especially since the "Web Sign in" functionality is so simple, there is little reason to need the ability to sign in for a user.

    • Pete.S

      What to do when password is lost for Supermicro IPMI.
      IT Discussion • supermicro ipmi password reset password • • Pete.S

      2 Votes • 1 Posts • 3722 Views

      No one has replied

    • nadnerB

      Change your Twitter password
      News • twitter security password reset password • • nadnerB

      4 Votes • 2 Posts • 528 Views

      JaredBusch

      Changed, though I already had login verification set up so no way someone else would get in easily.

    • travisdh1

      Lenovo finger print manager pro gives us passwords to anyone.
      IT Discussion • lenovo seurity fingerprint password biometric • • travisdh1

      3 Votes • 3 Posts • 581 Views

      scottalanmiller

      Lenovo... giving you the finger.

    • Emad R

      Solved Reset MySQL password on Fedora 26
      IT Discussion • fedora mysql reset password • • Emad R

      0 Votes • 6 Posts • 1231 Views

      JaredBusch

      @emad-r said in Reset MySQL password on Fedora 26:

      @dashrender

      Correct, without doing anything. And this was the first time for 2 things:

      Autogen password password password.

      back in the day, you install you get blank pass, and use mysql_secure_installation

      You still do. No idea what you did

    • gjacobse

      AD User Tool: Bulk AD User
      IT Discussion • server 2012 r2 security ad active directory domain domain active directory password reset password • • gjacobse

      1 Votes • 15 Posts • 2973 Views

      Dashrender

      @dbeato said in AD User Tool: Bulk AD User:

      @Dashrender Then, he needs to force it with Powershell not just a GUI....

      Agreed.

    • mlnews

      GE Power Grid Relays Found with Hard Coded Password and Breached Encryption
      News • general electric security password • • mlnews

      0 Votes • 7 Posts • 793 Views

      scottalanmiller

      @coliver said in GE Power Grid Relays Found with Hard Coded Password and Breached Encryption:

      One of the many reasons we need to work to modernize our electrical system.

      Or, you know, use competent contractors for the components.

    • mlnews

      Microsoft Ditches Passwords to Return to One Factor Authentication
      News • ars technica security microsoft windows password • • mlnews

      3 Votes • 12 Posts • 1578 Views

      scottalanmiller

      @JaredBusch said in Microsoft Ditches Passwords to Return to One Factor Authentication:

      @Reid-Cooper said in Microsoft Ditches Passwords to Return to One Factor Authentication:

      @matteo-nunziati said in Microsoft Ditches Passwords to Return to One Factor Authentication:

      people at microsoft
      alt text

      I think that that picture makes it harder to find confidence in the products 🙂

      Just the sad state of fashion in the late 70's

      The hair styles are the worst part.

    • gjacobse

      Outlook repeated prompt for password
      IT Discussion • outlook 2013 outlook 2010 outlook 2016 o365 password • • gjacobse

      3 Votes • 24 Posts • 6170 Views

      coliver

      Real solution... Stop using outlook and push to OWA.

    • gjacobse

      UBNT Forgot / Lost UserID Password
      IT Discussion • ubnt access point controller security password • • gjacobse

      2 Votes • 7 Posts • 1495 Views

      Dashrender

      OH - sigh!

      Yeah yeah - fine.

      UBNT is username cap sensitive...

    • IRJ

      Personal Password Strategy
      IT Discussion • password password managers keepass lastpass dashlane • • IRJ

      0 Votes • 12 Posts • 1928 Views

      Dashrender

      yeah I was thinking that was the major drawback.

      And systems like Paypal or banking - those allowing a simple email reset just bug me.

    • antonit

      How do you store your passwords?
      IT Discussion • password managers password lastpass • • antonit

      0 Votes • 28 Posts • 3856 Views

      gjacobse

      @scottalanmiller said:

      Stickie notes.

      pzv5j7l.jpg

    • Ambarishrh

      Centralized password manager
      IT Discussion • password password managers • • Ambarishrh

      0 Votes • 20 Posts • 2773 Views

      travisdh1

      @Jason said in Centralized password manager:

      @JaredBusch said in Centralized password manager:

      @dafyre said in Centralized password manager:

      @JaredBusch said in Centralized password manager:

      @fuznutz04 said in Centralized password manager:

      @JaredBusch What do you use?

      I have been using LastPass since 2007 or so.

      The standard $12 subscription lets you share a folder. So I made a
      "Company" folder with subfolders for each client. and shared the Company folder out.

      For a small consultancy like ours, it works well.

      $12 per month, or per year?

      Also... how did you handle the LastPass breach?

      Per year, and I changed my password. Nothing else needed. I do not have 2FA enabled because I feel getting a text or something to the same damned device I am logging in on defeats the purpose of 2FA. My current LastPass password is a phrase about 30 characters long or so. I have lastpass set to log out automatically when my browsers close, etc.

      You can use google authenticator.

      That's what I use. I do have it turned off for my phone tho, no point in having the device you get the code from require a code. Don't really use the phone version except to lookup passwords when I'm away from one of my normal computers/browsers.

    • Nic

      Lenovo screws the pooch yet again on the security front
      IT Discussion • lenovo security password • • Nic

      8 Votes • 13 Posts • 2353 Views

      Deleted74295

      @Nic said:

      And if you have to, at the very least wipe the machine and start from scratch with your own image.

      Now, that used to work. 🙂 Now it does not.

    • gjacobse

      Ensuring Security - Passcode cycle
      IT Discussion • ssh ssh tunnel security password passcode passphrase encryption • • gjacobse

      1 Votes • 4 Posts • 1256 Views

      scottalanmiller

      LUKS will work great for that. We used it in big finance to deal with stuff like government bank account details.

    • Lakshmana

      No Password in Microsoft soon?
      IT Discussion • microsoft password security biometrics • • Lakshmana

      0 Votes • 3 Posts • 966 Views

      scottalanmiller

      I think for a lot of people they are already mostly gone.