[Cialug] Password Resets

Justin Richeson neomatrixjr at gmail.com
Mon Jun 28 04:20:24 UTC 2021


Do not give the user a password...for giving the user a password gives them
the opportunity to f__k it up 6 times and lock out again.  Instead, invest
your many hours of password resets into creating a secure password reset
system...and teach users to fix their own f__k-ups.
Then, convince your company to fire anyone that resets their passwords more
than twice in any given day more than 3 times...'cause that person ain't
smart enough for office work.

On Fri, Jun 25, 2021 at 8:41 AM kristau <kristau at protonmail.com> wrote:

> I feel for you, sir!
>
> I especially enjoyed the "tried every different combination" part. Phil,
> every different combination of that exact string is a set of 1. I just
> about sprayed coffee over my keyboard.
>
> Thanks!
> kristau
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>
> On Thursday, June 24th, 2021 at 9:43 AM, Todd Walton <tdwalton at gmail.com>
> wrote:
>
> > No matter how hard a person tries, he or she is never going to escape
> > users... they're always there... lurking around the next corner... ready
> > to launch upon the unsuspecting IT person such offenses as "the password
> > reset". Let's call my attacker Phil.
> >
> > An IM transcript:
> >
> > 14:46 Phil: That password "password" is not working
> > 14:47 Phil: Wait. It worked!
> > 14:49 Phil: tried every different combination and no luck
> > 14:51 Me: Every different combination of what?
> > 14:51 Me: Your password worked? Or didn't work?
> > 14:52 Phil: password
> >
> > Phil, that isn't even English syntax. You gotta help me out, buddy. I
> > literally set your password to "password" and told you that's what it was.
> > All you gotta do is type "password". You could even cut and paste the
> > actual word into the password field.
> >
> > I like the customer support aspect of my job. I like creating satisfied
> > customers. I know it's a little dorky, but I cheered when Tron said "I
> > fight for the user!" But people like Phil really test the limits. I spent
> > an hour on this password reset. I'm not help desk. Resetting passwords
> > isn't my primary reason for being employed. Oy, the literal headache.
> >
> > ----------------------------------------------------------------------
> >
> > Todd
> > Cialug mailing list
> >
> > Cialug at cialug.org
> >
> > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug

