OT: Senior try to change a password

That's not funny; that's reality. I have several passwords that are not suitable for small children after the first five or six attempts failed. The good part is one of those password rating programs labeled them Very Strong. N0$shit@ssh@l3s! (note: that is NOT one I've used. Yet.)

If you use Android try a program called Clipper.

That's hysterical!

ROFLOL!!!!!

"ReallyPissedOff50DamnBoiledCab bagesShovedUpYourAssIfYouDontG iveMeAccessNow" has a couple of spaces in it.

Many years ago, before there were all of the current password rules related to length, special characters, upper case, etc., I asked my buddy if I could use his laptop. " Sure" he said.

I asked "What's the password?"

"8"

"What do you mean "8??"

"Press 8 and hit enter."

Of course, it worked. He then explained it this way: "Do you really think t hat anybody is going to try a single keystroke as the password? Just look at how surprised you were ."

I couldn't argue.

A great idea of it would work. Most web sitess want 6 or 8 characters, alpha/numeric, capital letters, etc. I used to have a simple password for everything, now I have the simple one but variations of the other one. I have a long list. fortunately, Chrome is good at saving them for me.

Bad idea guys. You are presuming that someone is guessing at your password by typing them in manually, or some such. They are actually running various algorithms at you. An "8" would be caught before their finger got off the enter key.

Be careful, you can dig password out of browsers, including chrome. If someone has access to you computer, either physically or electronically, consider all your saved accounts to be compromised.

Since you asked, I change my password every 10 minutes.... I hope this answered your question.

I just scanned your system, and I could tell you YOUR password right now. But since you already know it, why should I tell you....

Instead, you tell me your password, and I'll tell you if it's correct.

No, but it forces a reset on active brute force attacks.

You would be surprised how many folks fall for that kind of a phishing phrasing.

I would posit that 99+% of all break ins are something foolish the user initiated

You actually make it easier. If the "algorithm" doesn't find it the first time, it won't find it. And, the bad guys don't run "brute force" attacks over the Internet. It is a really easy way to get caught.

nmap, which I use, has a option to slow scanning down to a crawl so you won't draw suspicion. (There is an exploit out there that nmap caught at a defense contractor where the white hat took over a year probing him once a day so as to not trigger lock outs on their firewall.)

I have to be extremely careful only to scan a single port and to only scan it a few times when I am doing an external probe for a customer (usually to fix the PCI [credit card security] external scan failures). Or I will have

A LOT OF 'SPLAINING TO DO

I received an email today informing someone had charged an iPhone to my PayPal account. All I had to do was log in... The first step to successful social engineering is being able to speak English.

Actually the phone scammer claiming to be M$ (Microsoft) have an Indian accent on purpose as M$'s tech support is in India.

Ooops. Sorry. That should have been "M$'s crappy tech support"

I've never talked to M$'s tech support. If I can't find the answer on the tech forums I work it out myself. I'm a little beyond the 'is the computer plugged in?' stage and when I do call the support people for some of the third party software we use, it doesn't go well. Three or four escalations up the food chain I might get someone who knows what I'm talking about.

Of course, I spend all too many hours a week supporting our support staff. 'Did you look at the log? Did you notice the line that said it couldn't find a configuration file and was exiting? Did you think about putting the damn file in place?'

Still, I'm glad to have them answering the phones and fielding some problems. My interactions with the actual clients are usually much worse.

I remember helping a VIP at work figure out why he couldn't access the intranet. That was interesting. Other incidences involved "teaching" some not so techie users how to reference images in their power point presentations, and other things. I got so frustrated at all the simple things some people couldn't do on their pc's I ended up creating a document giving them a step by step (with pictures) explanation of several procedures. To my surprise they actually USED it!