How many passwords do you have for work?

[WillyNelson]

1. Single sign-on

 

[grudas]

50+

unix systems admin, loads of systems, loads of VM's all over the place etc.. 50+ are the ones I remember and use.. loads more in the keepass too

 

[Judgeneo]

When I've seen password-mania, it usually arises when workstations, servers, software, etc. aren't connected, or aren't properly connected, to a directory service. So you have two options: use one password for everything, but when you need to change it (eg. expiry or security breach) you have to change it in all of those different locations; or use different passwords for everything, which is harder to remember but means that the passwords can be expired/changed/etc. individually.

Public sector. They appear to have procured many bespoke systems over many years and each has its own login. To me it makes sense to consolidate them or use publicly available alternatives but I imagine the answer to that now would be "don't have the budget".

We do have a local password manager but it only works for certain intranet applications on IE. We have Chrome but add-ons are blocked so no Lastpass

Yeah I've just realised the stupidity of my question, I was thinking just in terms of user and remote admin, I forgot about servers, firewalls, switches, legacy, UPS etc... I can see how it adds up.

 

[V4NT0M]

NT
Customer portal 1
Customer Portal 2
Client portal 1
Client portal 2
Document system
Payment system
Emails
Oracle
Elearning 1
Elearning 2
Facilities system
Statistics Spreadsheets

 

[TommyV]

about 15 or so

 

[Sheff]

At least 20, the majority of which expire at different intervals. Thankfully when they require changing I don't have to worry about them being completely unique each time.

Public sector, legacy systems, multiple services.

 

[Raymond Lin]

I am not answering this ! lol

 

[doodah]

Can someone tell me should I be worried using Truecrypt after the recent situation? If so, what's the best alternative?

 

[D.P.]

1) we use LDAP so I can SSH in to any server with the same credentials. Set my email and root to be the same.

 

[pitchfork]

Public sector, legacy systems, multiple services.

Ahh yes I know this feeling.

Thing is by using all of these passwords you either have to hope you can remember multiple passwords which probably change regularly. Or write them down defeating the point.

 

[McPhee]

I use this to generate all of mine, I wouldn't be able to remember as many streams of gibberish otherwise.

Yup. That happened to me with my work password. It has to be changed every 30 days and there's a 10 character limit. Most people are using 'Password', 'Password1', 'Password2', etc. but I decided to try my best to use a secure(ish) password. It worked for a few months, then I went on holiday for a week, came back and I'd forgotten it. Had to get the admin to reset my account. The end result? Screw it, 'Password1'.

I really don't get why the password policy is <10 chars and a password change every 30 days. The former is stupid. The latter does nothing to make the system more secure. People inevitably just add 1, 2, 3, 4 to the end of their password if you force them to change it regularly, otherwise it becomes hard to remember.

 

[bainbridge]

Too many, but being very security conscious I use my own name and a number, then when it needs changing I increase the number by one

 

[MowyTone]

probably about 10...but we are some of the lucky few that have service accounts that have interactive login rights

 

[Sheff]

Ahh yes I know this feeling.

Thing is by using all of these passwords you either have to hope you can remember multiple passwords which probably change regularly. Or write them down defeating the point.

Thankfully I can remember them all without much difficulty, even if I haven't used a particular system in a few months.

However ask me the name of someone who sits across from me and I'll be scrambling through our desk's team structures!

 

[Azza]

1, single sign on for the systems and software that are used. Or at least that I come across any way.

 

[The Dread Pirate]

Hypothetically If one of our bosses were to come across this thread how worried would you be?

Myself not at all I've given nothing away!

 

[AJK]

Hypothetically If one of our bosses were to come across this thread how worried would you be?

Myself not at all I've given nothing away!

I haven't seen anyone actually posting their passwords... what is it you think those bosses would be worried about?

 

[D.P.]

Not telling my security is my business no one else's!

People that say stuff like this have the least to hide and need the minimal security.

My computer is left unlocked and with the single password that is the same as my email password you can access US DoD documents, source code and aerodynamic performance data, etc.
A good security system doesn't rely on memorizing hundreds of obscure passwords.

 

[The Dread Pirate]

I haven't seen anyone actually posting their passwords... what is it you think those bosses would be worried about?

The security policies being described and complained about can let you in on the sort of security model is in use not that you'd be able to do anything with it... unless you've foolishly handed others your password.

 

[The Dread Pirate]

People that say stuff like this have the least to hide and need the minimal security.

My computer is left unlocked and with the single password that is the same as my email password you can access US DoD documents, source code and aerodynamic performance data, etc.
A good security system doesn't rely on memorizing hundreds of obscure passwords.

Actually I just don't see it being any of yours business like my finances or downy hair growth!