work passwords


Just ask them to install a thumb print scanner and call it a day :)
 
I always make my work password "password" and when the IT guy comes around to bitch me out I shush him loudly whenever he says "password".
 
RFID + randomized keypad + almost 20 character password that changes every 45 days, can't reuse within 6 years. Write it down, go to jail.

LOL. I hope all divisions aren't like that. I almost applied with your company for a job in Colorado.
 
PIV/CAC is where it's at. There are only a few internal portals I need to use my AD credentials. Check out Steve Gibson's password haystack write-up on grc(dot)com
smart cards FTW!

I worked on a PIV product my company offered. I think it was called CMS from VeriSign.. was a long time ago.
 
I just keep a text document of my passwords on my phone. I just update the document whenever I change/increment a password.
 
I just keep a text document of my passwords on my phone. I just update the document whenever I change/increment a password.
I hope your phone is password protected.. lol. Do they have mobile apps that are secure for storing pw's? I bet a lot of people do that.
 
My phone is password protected.

But I have passwords for like 20 different systems and they are all different and have different reset cycles. Some 30 days, some 60, etc. I can't keep the password the same and I don't feel like locking my accounts on a routine basis because I can't remember what iteration I'm on lol
 
RFID + randomized keypad + almost 20 character password that changes every 45 days, can't reuse within 6 years. Write it down, go to jail.

You wouldn't believe how many systems here are like that.

On the other hand, you wouldn't believe how many have the admin user/pass on a label on the machine...
 
Runs an ice cream shop downtown.

Yup.

LOL. I hope all divisions aren't like that. I almost applied with your company for a job in Colorado.

Depends on the area you work in- most aren't that locked down.

I hope your phone is password protected.. lol. Do they have mobile apps that are secure for storing pw's? I bet a lot of people do that.

Yeah, quite a few apps exist for password storage. I don't use any though; all memorized.

Sounds like you guys need to implement a single sign on. :p

Not possible- quite a few of the systems have to be completely isolated from other networks.

You wouldn't believe how many systems here are like that.

On the other hand, you wouldn't believe how many have the admin user/pass on a label on the machine...

:ph34r: That's how I do my in-laws' computers. :D
 
most of the systems I use have:
8-digit RSA pin (has to be 4 letters 4 numbers), doesn't change
+ RSA keycode, changes every minute
+ Windows login password, system unique, changes every 30 days

some of the systems have another password layer when remotely logging into the Virtual Workstation

and then I have backup systems on another LAN, completely separate and with their own passwords.

the UNIX boxes we have left only implement a group account with one password that never changes. (these boxes are logged in 24/7 and the password hasn't changed for like 10 years lol)

the LINUX boxes use RSA pin + RSA key only.
 
most of the systems I use have:
8-digit RSA pin (has to be 4 letters 4 numbers), doesn't change
+ RSA keycode, changes every minute
+ Windows login password, system unique, changes every 30 days

some of the systems have another password layer when remotely logging into the Virtual Workstation

and then I have backup systems on another LAN, completely separate and with their own passwords.

the UNIX boxes we have left only implement a group account with one password that never changes. (these boxes are logged in 24/7 and the password hasn't changed for like 10 years lol)

the LINUX boxes use RSA pin + RSA key only.

wtf, do you work at server vault
 
nope. just Flight Operations for a few satellites at NASA. they believe in redundancy almost to a fault lol. we command the satellite through a very complex ground network.

the actual box that you command from has 2 separate instances "Workspaces" of the same software open to control/command the satellite. Prime and Secondary. If Prime fails or hangs or anything, you can flip over to the Secondary.

then there is a Backup LAN with its own Prime and Secondary "workspaces". each workspace is controlled by a contact server, which is piped into a virtual workstation, and then forwarded to my thin client in the control center.

then there is a backup backup LAN located in a separate building on base, also with its own workspaces.

every contact with the spacecraft command and telemetry capability is piped to all 4 workspaces of the prime and backup LANs. I have to reconfigure some command and telemetry processors (UNIX boxes) to pipe the data to the backup control center since it's in another building.

it seems way over the top, but it saved my ass one night not too long ago when both prime and backup LANs both became unresponsive and I had to failover to the backup control center so I could still contact the spacecraft and not lose any data... at 3am...

oh, and the system administrators where I work, they have like 10x the amount of passwords that I do lol.
 
The only passwords I have are for secure systems that don't ever touch the internets. Let's not get started with safe combos. lol.

B, Some people have told me how they use objects in their office to make passwords.
 
Not possible- quite a few of the systems have to be completely isolated from other networks.
You can still use it to cover 90% of logins. I'm talking corporate apps. Or within isolated networks having another CSO solution.

We also have isolated networks, remember we host the most used SSL CA in the world. :)
 
B, check out KeePass and KeePassDroid. I don't use it for any of my work systems but all of my personal accounts and such are stored via KeePass. LastPass is also pretty solid.
 
We also have isolated networks, remember we host the most used SSL CA in the world. :)

Wow you're that 'Self-Signed' guy? ZOMG!!

I kid. But I've worked on some interesting government contracts before with pre-kicked systems and VPN concentrators with RSA tokens with single use logins that auto reset the pin after first login.

The level of protection described by some posters is more excessive than anything I've ever worked with. Granted now, I've been out of the hyper security, government/medical industry stuff for about 3-4 years now, so I don't know how stuff has evolved in that time.

Now I'm just a code monkey, systems architect, and sysadmin all rolled into one. All I do for my systems is encourage passphrases, or normal password requirements, and/or rsa certs for ssh logins.

I haven't caught ANY of my guys breaking my rules. I've seen them all log in to their machines using my excessive passphrase recommendation, and our security team got passphrase added into our SAS70 so I can continue my normal operation stuff.

In addition, they all have passworded RSA certs for ssh logins, which is about all I can ask for when you're talking about logging in to 300+ machines a day, with an internal SLA of 15 minutes and external SLA of 30.
 