Whooooops....(NA)

eman1200

Touchdown! Greaser!
Joined: Mar 10, 2013
Messages: 18,910
Location: Oakland, CA
Display name: Bro do you even lift
Eman1200 goofed today.

So we are a huge company spread out across the country. For work we use a group chat tool for our group to communicate with each other. People in my group are logged into that all day every day. We also use an instant messenger to communicate more on a one on one basis.

So today there was a server issue.....eman1200 to the rescue, right? Well I couldn't log on to this server, I tried twice before realizing.....I had put my password into the active window, which in this case was the group chat window.

Now let's step back for a second and discuss my 'work password' philosophy. Basically, this is my one and only chance to really stick it to my job, u know, really say the nastiest, vulgaristiest stuff, knowing there is no way they could ever do anything about it since it's supposed to be secure and encrypted. Add to that the fact that I am the mostest immaturest person on the planet and intentionally use my password as an opportunity to let my immaturity shine to its fullest, well, you can imagine how the conversation in the group chat went for the rest of the day.

Basically, think nasty wrapped in dirty smothered in vulgar covered in 'holy sht' then dragged in perversion and dripping with boobs, of course.

Good times.
 
Dual factor auth fixes the real security problem created. Fixing the political problem created is a whole different thing. ;)

I watched the fallout from my boss telling the CEO that the thing the CEO just described as a "solution" was actually a "****ing kludge" once. Both my boss and the CEO survived, and they both were right. The "solution" allowed a product that couldn't have shipped at all without it, to ship... And it cost the support department untold numbers of man-hours and money fixing it for almost two decades.

I've also had to deal with someone blabbing and telling the upper bosses what their notes in support tickets meant when they covered it up with commonly known acronyms like PEBKAC. ("Problem Exists Between Keyboard and Chair".) We had a little "team meeting" where I got to "suggest" that perhaps putting that particular acronym in the Director's ticket that his laptop didn't work right wasn't the smartest of ideas, and telling him what it meant was even dumber. ;)
 
2FA is the biggest pile of sht ever in the history of IT. I flippin hate the sht out of 2FA.
 
> 2FA is the biggest pile of sht ever in the history of IT. I flippin hate the sht out of 2FA.

Why? Done right, it works really well.

Of course there are plenty of ways to do it extremely wrong and they're popular. You stuck with one of those?

I was having to both use and support 2FA schemes all the way back into the late '90s when they barely worked at all. Ever have to add 2FA to *telnet*?! (Haha. Think about the security implications of that for a minute... Telnet...)

Something you know, something you have, and something you are have been tenets of classified program access for a decade or more longer than even I started having to use and support 2FA in telecom.

But we had 2FA auth systems that worked nearly flawlessly and hadn't had outages in decades. Literally decades, in telecom at the big carriers. Wasn't even noticeable that you used it multiple times per day.

There are definitely implementations done horribly wrong nowadays though. Which one do you have to deal with?
 
I worked at a company with a large legacy mainframe system. One day I was working down in operations, and we were going through the security file for some reason, and I saw everyone's passwords, like in a big column list.

You are not the only one who uses improper language in their passwords! It is way more common than I would have thought.
 
I have to tell you, reading some of these IT threads makes me feel like an 80 year old grandmother that just signed up for Facebook.
 
> I have to tell you, reading some of these IT threads makes me feel like an 80 year old grandmother that just signed up for Facebook.

now that's one I haven't crossed off the to-do list yet........a grandma!
 
I've seen some pretty attractive and hot grannies eman! :cool:

When I was a new recruit en route to my first Army tour of duty station, there was a guy named Unger (that was actually his name but I'm sure there are plenty of Ungers in the world so I'm not afraid of exposing him) who purported to have done an 84 year old granny. And he taped it. And played the tape back for us. It was.... disturbing. His voice was inaudible. Her moaning was not. It sounded like the real deal.
 
Unger, my hero.

Crazy, sick, twisted, and demented. But still my hero.
 
Post it in this thread, let's see how many words get censored ;-)
 
> Why? Done right, it works really well.
>
> Of course there are plenty of ways to do it extremely wrong and they're popular. You stuck with one of those?
>
> I was having to both use and support 2FA schemes all the way back into the late '90s when they barely worked at all. Ever have to add 2FA to *telnet*?! (Haha. Think about the security implications of that for a minute... Telnet...)
>
> Something you know, something you have, and something you are have been tenets of classified program access for a decade or more longer than even I started having to use and support 2FA in telecom.
>
> But we had 2FA auth systems that worked nearly flawlessly and hadn't had outages in decades. Literally decades, in telecom at the big carriers. Wasn't even noticeable that you used it multiple times per day.
>
> There are definitely implementations done horribly wrong nowadays though. Which one do you have to deal with?

so I'm kind of looking at it from an end user perspective........I support a ton of servers (500+) and when an issue arises or when we do upgrades etc...I have to log onto, well, let's just say 'more than one' server. having to 2FA my way into even a single server is a royal pain in my arse. I just recently switched to an RSA soft token, which helps a tiny little bit, and if you count the total # of clicks to log onto a server from start to finish, which I did..........SIXTY mother friggin clicks. SIX ZERO. that's without fat fingering a username or password which, from this thread, you can see is quite possible. on top of that pathetic boolsheet, I have to wait one full minute for a new token. every time. so, to log on to 5 servers is a bare minimum of 5 fookin minutes plus THREE HUNDRED CLICKS. god forbid while I'm working on one server another locks......I have to go through the entire process again. FK 2FA, it SUX my arse.
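The "wait one full minute for a new token" complaint above is what a time-based one-time code looks like from the user's chair, and the earlier point in the thread that dual-factor auth fixes the real security problem of a password pasted into a group chat is the reason to put up with it. As an added example that is not from this thread (and not RSA SecurID's proprietary algorithm; it uses the open RFC 6238 TOTP construction with the RFC's published test secret), the Python below shows a login that needs both the password and the code that is current right now, so the leaked password on its own gets rejected, as does a code copied from ten minutes ago. The secret and password are constructed demo values, and the 30-second step is the RFC default; passing `step=60` reproduces the one-minute wait described above.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo values: the RFC 6238 test secret and a made-up password.
# Assumption: the server holds both per user. A real deployment stores a
# password hash rather than the password; kept plain here to keep the demo short.
DEMO_SECRET = b"12345678901234567890"
DEMO_PASSWORD = "correct horse"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, int(at_time) // step, digits)


def seconds_until_next_code(at_time: float, step: int = 30) -> int:
    """How long the current code stays current (the wait for a new token)."""
    return step - (int(at_time) % step)


def verify_login(password: str, code: str, at_time: float,
                 stored_password: str = DEMO_PASSWORD,
                 stored_secret: bytes = DEMO_SECRET,
                 step: int = 30, window: int = 1) -> bool:
    """Both factors must check out; the code may be +/- `window` steps for clock skew."""
    # Constant-time compare so the password check leaks no timing information.
    if not hmac.compare_digest(password.encode(), stored_password.encode()):
        return False
    counter = int(at_time) // step
    return any(
        hmac.compare_digest(hotp(stored_secret, counter + delta), code)
        for delta in range(-window, window + 1)
    )


if __name__ == "__main__":
    now = time.time()
    current = totp(DEMO_SECRET, now)
    print("current code:", current, "valid for", seconds_until_next_code(now), "s")
    print("with a 60 s step you would wait up to", seconds_until_next_code(now, step=60), "s")
    # Password pasted into a group chat, but no token: rejected.
    print("password only:", verify_login(DEMO_PASSWORD, "000000", now))
    # Password plus the current code: accepted.
    print("password + code:", verify_login(DEMO_PASSWORD, current, now))
    # A code copied ten minutes ago is twenty steps stale: rejected.
    print("stale code:", verify_login(DEMO_PASSWORD, totp(DEMO_SECRET, now - 600), now))
```

The `window` parameter is the usual compromise between rejecting a code the user typed just as the clock rolled over and accepting codes that are long dead; a window of one step either side is what most verifiers use, and widening it beyond that trades away most of what the time limit buys.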
 
A few weeks ago I was on a WebEx when one of the participants was having a hard time sharing a document. So being the nice guy that I am I shared the document for him. About 20 minutes go by and I am getting bored with the conversation. So what do I do? I launch into a PoA session. I'm cruising around for about 5 minutes before it hits me. I smashed the X and sat in silence. No one ever said a word about it. Guess I wasn't the only one who tuned out.
 
> so I'm kind of looking at it from an end user perspective........I support a ton of servers (500+) and when an issue arises or when we do upgrades etc...I have to log onto, well, let's just say 'more than one' server. having to 2FA my way into even a single server is a royal pain in my arse. I just recently switched to an RSA soft token, which helps a tiny little bit, and if you count the total # of clicks to log onto a server from start to finish, which I did..........SIXTY mother friggin clicks. SIX ZERO. that's without fat fingering a username or password which, from this thread, you can see is quite possible. on top of that pathetic boolsheet, I have to wait one full minute for a new token. every time. so, to log on to 5 servers is a bare minimum of 5 fookin minutes plus THREE HUNDRED CLICKS. god forbid while I'm working on one server another locks......I have to go through the entire process again. FK 2FA, it SUX my arse.

If those servers are Linux, you need to embrace Ansible or Puppet/Chef. On Windows, well... Enjoy. Haha. (Oh there's Windows tools but they mostly suck.) Why log into servers at all anymore? :)
 
> A few weeks ago I was on a WebEx when one of the participants was having a hard time sharing a document. So being the nice guy that I am I shared the document for him. About 20 minutes go by and I am getting bored with the conversation. So what do I do? I launch into a PoA session. I'm cruising around for about 5 minutes before it hits me. I smashed the X and sat in silence. No one ever said a word about it. Guess I wasn't the only one who tuned out.

Heh heh. Dual monitors and ONLY share the app... Never the whole desktop.

I've seen some HILARIOUS instant message and email pop ups in meetings.
 
P.S. Best email pop up ever was on the screen of an exec from HR at some rah rah thing they touted as mega-important for all to attend and mandatory...

Their email pops up saying there's a new email from a higher exec in HR with...

Subject: Lunch

And the top line of text preview read...

"Are you done with that stupid meeting yet?"
 
> Why? Done right, it works really well.
>
> Of course there are plenty of ways to do it extremely wrong and they're popular.

I worked for a company until 2 years ago where 2FA was done initially with physical smart cards, and later with virtual smart cards using TPM chips. I thought TPM was the best thing ever - it worked like a charm, and much easier than even a simple password. It's tied to your devices, so you don't forget your smart card or other 2FA device at home when you go to the office.

Forward 2 years and I'm now in a small startup, and tried to implement TPM virtual smart cards myself as pseudo-IT admin...

Ugh. What a complete pain. It doesn't seem there is any small business solution for this, and it doesn't work properly on all platforms - basically a non-starter. It's such a wasted opportunity - the technology is actually pretty great when it works.


So now looking at YubiKey instead, which is somewhat less painful but still not simple. You would think AWS would give you an option to bring up one of their VPN servers and just mail a bunch of keys to you, but no :(.
 
you sound like my buddy who works for ADP. lol. chat windows, IM, like 8 different payroll systems kludged together, etc.
 