World Password Day

idriveakeyboard · 2019-05-01T06:25:02.000Z

So World Password Day is coming around again.

What are you doing to ‘celebrate’ it?

Publish passwords on the internet
Change all passwords to the same one
Create a 48 character random password generator and make it change everyone’s passwords every 2 hours
Sit at your desk and think ‘Ah! I didn’t know this was a thing’ and get on with your day.
Something else

kyleanderson5 · 2019-05-01T06:43:42.000Z

I’m looking to begin implementing password vaults on a customer site if that counts?

It’s truly mortifying how bad their passwords were/are and the global admin for their Office 365 just had his account breached so had to spend a good while figuring out how far the culprit got and what they were doing/had done.

By the looks of things, they didn’t realise that they had the global admins account and didn’t do anything too messy. but wasn’t playing any risks and got them all to change their passwords for sensitive information.

Going to be looking at putting in something like Thycotic if all goes well, but they will most likely bawl at that so I’ve been drafting together a couple bits and pieces I would like to try that can be done for free/minimal cost, any suggestions would also be greatly appreciated.

jcheetham · 2019-05-01T07:10:23.000Z

5, I’m going to be asked to reset a password via email,

I reset it and send what i’ve reset it to ( Passw0rd? ) back to them,

They send me another email saying it doesn’t work,

I test the application and it does, then email them back,

They then call me to say it doesn’t, turns out they didn’t type the ? at the end,

Who knew typing passwords exactly was a thing, surely if it’s just “close enough” it should let you in??

jcheetham · 2019-05-01T07:11:09.000Z

Although option 3 sounds pretty good now I think about it!

marcusharrop · 2019-05-01T08:57:48.000Z

I pick option 4.

james485 · 2019-05-01T09:27:40.000Z

Oh you mean I wasn’t supposed to re-run the group policy to force my users to change their password?

spiceuser-vo9e6 · 2019-05-01T09:44:50.000Z

Probably 4, though maybe I’ll write about the importance of strong passwords on my blog and pester my friends to read and share it… content is content, and views are views, lol.

robdixon · 2019-05-01T09:51:21.000Z

I’m going to celebrate it by upping the fun value of our login system. Why enter 1 password when you can enter 7 passwords, 5 pins, and 10 extra fun secure questions now with new draw pattern mode and puzzle solving locks to help you have fun fun fun securing your account. Mega awesome!

georgemcfarlin · 2019-05-01T09:52:10.000Z

2+4+5 so I am going to do 11.

spiceuser-34354 · 2019-05-01T10:19:33.000Z

First 4, then 3.

neko-neko · 2019-05-01T10:22:55.000Z

Going to update the password requirements:

Due to new security policies, the following guidelines have been issued to assist in choosing new passwords. Please follow them closely.

Passwords must conform to at least 21 of the following attributes.

1.  Minimum length 8 characters
2.  Not in any dictionary.
3.  No word or phrase bearing any connection to the holder.
4.  Containing no characters in the ASCII character set.
5.  No characters typeable on a Sun type 5 keyboard
6.  No subset of one character or more must have appeared on Usenet news, /dev/mem, rand(3), or the King James bible (version 0.1alpha)
7.  Must be quantum theoretically secure, i.e. must automatically change if observed (to protect against net sniffing).
8.  Binary representation must not contain any of the sequences 00 01 10 11, commonly known about in hacker circles.
9.  Be provably different from all other passwords on the internet.
10. Not be representable in any human language or written script.
11. Colour passwords must use a minimum 32 bit pallette.
12. Changed prior to every use.
13. Resistant to revelation under threat of physical violence.
14. Contain tissue samples of at least 3 vital organs.
15. Incontravertible by OJ Simpsons lawyers.
16. Undecodable by virtue of application of 0 way hash function.
17. Odourless, silent, invisible, tasteless, weightless, shapeless, lacking form and inert.
18. Contain non-linear random S-boxes (without a backdoor).
19. Self-escrowable to enable authorities to capture kiddie-porn people and baddies but not the goodies ("but we'll only decode it with a court order, honest").
20. Not decryptable by exhaustive application of possible one time pads.

Due to the severity of the restrictions, if the password is entered incorrectly 3 times at login time, you will be asked if you would like to pick a new one.

Son.of.Jor-El · 2019-05-01T10:24:27.000Z

I celebrated it by spicing the topic up, getting myself 1 point closer to another spice level, then never thinking about it again.

biscuitking · 2019-05-01T10:32:34.000Z

I’m going to try #5.

tomsteinmetz6433 · 2019-05-01T10:38:22.000Z

I think it would be fun to change people’s passwords every few hours but the calls would end up giving me a headache.

diegoflorez · 2019-05-01T10:41:55.000Z

Boom, 4. Didn’t know this was a thing, sounds like another made-up holiday, I’m just gonna sit here and get on with my day.

bob-13 · 2019-05-01T10:59:51.000Z

Option 3…

#######################################################################################################################
##                              Most of this Script came direct from "Hey Scripting Guy                              ##
## https://blogs.technet.microsoft.com/heyscriptingguy/2013/06/03/generating-a-new-password-with-windows-powershell/ ##
#######################################################################################################################

#######################################################################################################################
##   What i did was add a couple ... well 4 if statements, and comments, and an override for less than 8 characters  ## 
#######################################################################################################################

Function GET-TempPassword() {

###set the default parameters - auto length is 10 for example
Param(
    [int]$length=10,
    [string[]]$sourcedata
)
## password policy here requires min 8 characters so:
If($length -lt 8) {$length = 8}

Do {
    $Count = 0 # At start of each loop rest the counter
    $TempPassword = $Null # at start of each loop reset the temp password
     For ($loop=1; $loop –le $length; $loop++) {
        # Build a random string
        $TempPassword+=($sourcedata | GET-RANDOM)
        }
    if($TempPassword -match "[0-9]"){
        $Count++ ## this increments counter if there as at least one number (0-9) is found
    }

    if($TempPassword -match "[a-z]"){
        $Count++ ## thisincrements counter if there as at least one number small letter is found
    }

    if($TempPassword -match "[A-Z]"){
        $Count++ ## this increments counter if there as at least one number CAP letter is found
    }

    if($TempPassword -notmatch "^[a-zA-Z0-9\s]+$") {
        $Count++ ## this increments counter if there as at least one number "special" is found
    }

} while ($Count -lt 4) ### Now since I want ALL four checks (and all 4 character types) set test at -lt 4 
# This '4' value indicates at least 1 cap, one small, one number, AND one special 
# You can reduce the 4 to 3 and ensure you have three types of characters, and so on

return $TempPassword ### sent the new password back to requesting point in script
}

# Create a very basic password - will fail 3 of the 4 if tests :)
#$ascii=$NULL;For ($a=65;$a –le 90;$a++) {$alphabet+=,[char][byte]$a } ### Only Uppercase 

# Create a good password that can pass all 4 tests
### A list of all letters, numbers and some special characters to use 
# $ascii=$NULL; For ($a=48;$a –le 95;$a++) {$ascii+=,[char][byte]$a }; For ($a=97;$a –le 122;$a++) {$ascii+=,[char][byte]$a }

########################################################### 
$ascii=$NULL
For ($a=33;$a –le 33;$a++) {$ascii+=,[char][byte]$a }   ### Stop Before "
For ($a=35;$a –le 38;$a++) {$ascii+=,[char][byte]$a }   ### Stop Before ' 
For ($a=40;$a –le 47;$a++) {$ascii+=,[char][byte]$a }   ### Resume after ' and Stop Before 0
For ($a=49;$a –le 72;$a++) {$ascii+=,[char][byte]$a }   ### Resume after 0 and Stop Before I
For ($a=74;$a –le 78;$a++) {$ascii+=,[char][byte]$a }   ### Resume after I and Stop Before O
For ($a=80;$a –le 95;$a++) {$ascii+=,[char][byte]$a }   ### Resume after O and Stop Before `
For ($a=97;$a –le 107;$a++) {$ascii+=,[char][byte]$a }  ### Resume after ` and Stop Before l
For ($a=109;$a –le 126;$a++) {$ascii+=,[char][byte]$a } ### Resume after l and Stop Before unprintable/nonstandard characters
########################################################### 

# Call the function to set a variable
$Password = GET-TempPassword –length 48 –sourcedata $ascii
# You could call the function as many times and ways as you want. ;)

# Now: do "something" with the variable
Write-Output "Password is $Password"
$Password  | clip # This command takes the password and places it on the clipboard so you can simply PASTE it into an email, or password field ...

now to schedule it on a 2 hour rotation…

spiceuser-r6bch · 2019-05-01T11:05:43.000Z

Good to know, but it’s #4 for me.

lloydcastleberry · 2019-05-01T14:08:56.000Z

#4 sounds like a good option.

drewlubken0647 · 2019-05-01T14:21:21.000Z

Yeah, I’ll probably stick with #4

Especially never #3, that’s just a way to do extra work that doesn’t accomplish anything much creating a lot more work for me

mccormick · 2019-05-01T14:32:03.000Z

Son of Jor-El:

I celebrated it by spicing the topic up, getting myself 1 point closer to another spice level, then never thinking about it again.

And getting 10 points for the reply!

I’m going to send an email about good password practices that 3 people will read and pay attention to.