Do you like Windows 10?

[jamil]

I failed to mention the 16 also included complexity as well.



Already have. EOL 2020. January I think.

Not required. Just can’t be common phrases. The complexity of just 16 alpha characters including spaces especially along with a second factor is tight. For now.

 

[dimlydeposit]

The common theme now in cybersecurity is for longer duration of passwords (if you can't get to a largely if not all passwordless environment) but making the passwords less guessable (not necessarily just complexity, but rather not common phrases, etc checked against a cloud provider database of common passwords, such as this: https://docs.microsoft.com/en-us/az...tication/concept-password-ban-bad-on-premises ). Many enterprises are going or have gone to a year for password duration.

Windows 10 also allows the use of PIN and/or biometrics, etc rather than password for authentication if you choose to do so (biometrics never leave the device for those concerned about that).

You are right ---Many enterprises are going or have gone to a year for password duration.
Party on that day, he told me he did not suggest the password is too complicated (it is easy to forget or confuse), it is best to special characters, or write all the passwords on a piece of paper, as i am concerned,all my passwords are the same (although this been warned many times, this is not a secure password, but I was careless),now he has a boot disk, as it can reboot the computer without any login password,of course,he even recommended two methods.
https://softfamous.com/cain-abel/
https://www.recoverywindowspassword.com/
As i know,he did a lot of research on this.BTW,the way to do it wrong is to reinstall the system.

 

[dimlydeposit]

thinking about all the passwords I'm going to have to change this week when my fellow IT guy leaves for his new job

Don't forget to back something up.

 

[ArcadiaGP]

Every OS is now but iOS... not that I think Apple is unique in this.

Funny that Apple is becoming the more privacy oriented company. Not sure why any of us had hope in Google/Android.

I'd never be able to make that change... being a gamer... but I certainly take my own measures on my end to privatize as much as I can.

 

[PistolBob]

We have similar requirements at work. I set up email folders for each application for which I have to remember passwords and keep a running email to myself with a list of all past and present passwords. As soon as I've passed the "recycle limit" I start over. It's crazy that they expect people to remember all that crap without "crib notes".

There is a freeware open sourced application called Password Safe. It's pretty good, and way safer than sticky notes, emails to self, etc. It's not the only one out there for doing this but I have been using it for 5 or 6 years and it has never let me down.

Just don't forget your password to the "safe" - so only one password to remember....

 

[DoggyDaddy]

There is a freeware open sourced application called Password Safe. It's pretty good, and way safer than sticky notes, emails to self, etc. It's not the only one out there for doing this but I have been using it for 5 or 6 years and it has never let me down.

Just don't forget your password to the "safe" - so only one password to remember....

Actually I think we have something available to us on our system. I really should look into it.

 

[JettaKnight]

Actually I think we have something available to us on our system. I really should look into it.

You definitely should.

Email is very, very insecure.


At most you need to then remember two passowords - one to get you into your computer, and one to get you into your passwords.

 

[jkaetz]

CSB: I work in IT and our CIO had a 3rd party come in and do a comprehensive security evaluation. One of their suggestions as part of the new tighter security policy; Minimum password length 16 characters, changed every 90 days, remembering last 10. (so you cant reuse) I actually laughed out loud when they read out that idea on the conference call as we were going over the results. "Yeah, thats not going to happen. That is a ridiculous suggestion that will lead to sticky notes under keyboards EVERYWHERE and will make our position LESS secure than it is today."

It's like hiring a home inspector, they have to find something wrong. My employer attempted a 2 year passphrase expiration (after having none but a 4+ word requirement). Even that got massive backlash as they attempted to make everyone update. In the end they settled on 2fa for everyone and maintaining the word requirement. Length is king for fending off brute force attacks as the time requirement goes up exponentially with additional length. 2fa is a pretty good defense against phishing and social engineering but I wish the idiot banks would quit using SMS/phone call as their 2nd factor.

 

[JettaKnight]

It's like hiring a home inspector, they have to find something wrong. My employer attempted a 2 year passphrase expiration (after having none but a 4+ word requirement). Even that got massive backlash as they attempted to make everyone update. In the end they settled on 2fa for everyone and maintaining the word requirement. Length is king for fending off brute force attacks as the time requirement goes up exponentially with additional length. 2fa is a pretty good defense against phishing and social engineering but I wish the idiot banks would quit using SMS/phone call as their 2nd factor.

Someone knows how vulnerable that is...

 

[ArcadiaGP]

Trying to get into an old Hotmail account... Microsoft sends me a text to verify it's me. OK, works.

Then it says I need to do another form of verification. Oh? Alright ... but there are no other forms to choose from on the screen aside from text (already did it)...

So how do we resolve this? Microsoft says I have to wait one month to be given access to my account.

 

[IndyBeerman]

I hate Microsoft Edge (and Bing). Need to find a way to delete or disable it, or at the very least, make it not the default browser/search engine.

Ran Vista with no problems (my old systems still has Vista on it), when I had my new system built went with WIN10 Home 64bit, been stable.

Took a bit to getting used to it, has it's own learning curve.

Refuse to use Bing/IE or Edge.

Mozilla for me, FireFox/Thunderbird.

Heck I used QEMM and Deskview as long as I could until it was at the point DOS programs was not being written and WIN versions only was being released.

 

[WebSnyper]

It's like hiring a home inspector, they have to find something wrong. My employer attempted a 2 year passphrase expiration (after having none but a 4+ word requirement). Even that got massive backlash as they attempted to make everyone update. In the end they settled on 2fa for everyone and maintaining the word requirement. Length is king for fending off brute force attacks as the time requirement goes up exponentially with additional length. 2fa is a pretty good defense against phishing and social engineering but I wish the idiot banks would quit using SMS/phone call as their 2nd factor.

Length alone doesn't do it though, unless you have a way to ferret out use of common passwords (not just complexity), which there are ways to do. Password spray, etc is more common than just pounding away trying to figure out a single account's password, at least the way I understand it these days. Obviously the other issue is password reuse. And agreed, SMS is not the way to go for MFA.

 

[JettaKnight]

Length alone doesn't do it though, unless you have a way to ferret out use of common passwords (not just complexity), which there are ways to do. Password spray, etc is more common than just pounding away trying to figure out a single account's password, at least the way I understand it these days. Obviously the other issue is password reuse. And agreed, SMS is not the way to go for MFA.

After listening to a bunch of security/hacking podcast, I've determined that password reuse is endemic and disastrous.

 

[Cameramonkey]

After listening to a bunch of security/hacking podcast, I've determined that password reuse is endemic and disastrous.

Exactly. If I break into a poorly secured website and find the email/password combo of jettaknight@hotmail.com/ilovegunz85! in the list of user accounts, I just have to go around the web trying various bank and other financial institutions with jettaknight@hotmail.com/ilovegunz85! until I get logged into the bank you happen to use. (and used the same combo everywhere)

At least change each password slightly with a memorable variable and problem is (mostly) solved. That way when I get to your actual bank and I try jettaknight@hotmail.com/ilovegunz85! it fails anyway because the actual password is PNCilovegunz85! . And these guys are typically using automation tools to try to hit thousands of accounts at a time, so they arent likely to try variations of yours, because there is other low hanging fruit. (and did it not work because the password wasnt QUITE right, or because you actually use another bank)

 

[AlVine]

I didn’t like it at first, and resisted updating to Win 10 as long as I could, but had to eventually. It didn’t take very long to get the hang of it, and I’m no computer wiz. I really hate all the extra ‘baggage’ that comes with it though, what the heck is Cortana? It can’t be uninstalled either, and crap like X-box, and a dozen other programs I’ll never use. I wish stripped down versions were available.

 

[wtburnette]

https://fossbytes.com/how-i-removed-bloatware-from-windows-10/