<div dir="ltr">Bad user interfaces are part of the reason for passwords such as 1234.<div>Not saying its a good idea, just saying that I understand why people do it.</div><div><br></div><div>With a windows laptop, I CAN get into the machine with a linux disk and a copy of "chntpw".</div><div>(Unless BIOS is locked down, but I make sure that stays unlocked)</div><div>Locked out of a MAC you need your AppleId.</div><div>If forced to use a MAC, I will NEVER use a complex PW again.</div><div>Maybe smash 8 words together, but thats as far as Ill go.</div><div><br></div><div>Im brash. Im ADD. Im probably bi-polar. </div><div>I may not be a genius, but Im definitely brighter than the average person on the street. </div><div>While clumsy, Im NOT an IDIOT.</div><div>I LEARNED my lesson!</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Apr 17, 2020 at 2:12 AM Michael Paoli <<a href="mailto:Michael.Paoli@cal.berkeley.edu">Michael.Paoli@cal.berkeley.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">> From: Texx <<a href="mailto:texxgadget@gmail.com" target="_blank">texxgadget@gmail.com</a>><br>
> Subject: Re: [conspire] Password permutations (was: Correction)<br>
> Date: Tue, 14 Apr 2020 19:22:15 -0700<br>
<br>
> After being on the bench for months, I landed a gig.<br>
> My first day, I was presented with a MAC laptop and a bunch of reading.<br>
><br>
> The reading largely spelled out what I vaguely suspected.<br>
> I went with long passwords, opened a separate password manager from the one<br>
> that I use,<br>
> and I didnt repeat the same password for ANYTHING.<br>
> The first 2 days went fine as the onboarding progressed.<br>
><br>
> On the third day, I forgot my password to the password manager.<br>
> This resulted in being unable to log into the laptop, or the "Apple-ID"<br>
> This, in turn "bricked" my MAC and while I was able to request help with my<br>
> APPLE-ID,<br>
> they had a mandatory waiting time of a month.<br>
><br>
> There was no way to reinstall OS on the MAC.<br>
><br>
> The job that was going to turn my life around, (Full time, yet) ended on my<br>
> 1 week anniversary.<br>
<br>
Bummer dude. :-( Sorry to hear that.<br>
<br>
So, one of the things to always be aware of, when selecting<br>
passwords/passphrases or the like - and also when entering them,<br>
be aware / keep in mind - what's the recovery procedure? Even is<br>
there, or is there practically/feasibly one.<br>
And also, what happens with incorrect password/passphrase attempts?<br>
What are the consequences (hassles, or worse), if that happens<br>
"too many times" ... and sometimes there are multiple thresholds on<br>
that (e.g. delays next login attempt, locks out for 5 to 30 minutes,<br>
have to get admin to unlock/reset, or go through some other<br>
procedure for that, to, egad, device/data bricked or unrecoverable<br>
... and sometimes the latter is even desirable - but its a bit on<br>
the more extreme side).<br>
<br>
So, e.g., encryption of, e.g. drive (or partition/filesystem,<br>
user data ...). Sometimes users ask me, and/or I ask them. And when<br>
they start to get all excited about wanting encryption, I also give them<br>
dire warning - you lose/forget your encryption key/password/passphrase,<br>
you lose all access to that data. Period. No recovery, no getting<br>
it back. And despite that, some users still not only go with<br>
encryption, but lose/forget the key/passprhase/password to be able to<br>
unlock the encryption. <sigh> Egad, some users repeatedly forget their<br>
passwords, and don't even have the skills to unlock themselves from<br>
there - even with physical access. Heck, those users, I generally<br>
won't even bring up or suggest something like drive encryption or<br>
the like. Yeah, it's annoying when I have to repeatedly reset<br>
passwords for the same user on their Linux goop over and over and<br>
over again. But it happens.<br>
<br>
Oh, and stuff that locks out / bricks. It's especially annoying<br>
when they don't tell you about such "features". Surprise! Not good.<br>
(See also: Principle of Least Surprise)<br>
<br>
So, yeah, the more, uh, "sensitive" stuff to that - especially<br>
one-way-trips to bricking or other significant hassles. I'm a helluva<br>
lot more careful that I enter the password/passphrase correctly. I also<br>
make dang sure I can verify/(re)confirm I've got it correctly and is what<br>
I think it is (or at least be as sure as feasible), before trying to<br>
(re)enter it.<br>
<br>
Yep, had a coworker once ... such "security" software on their<br>
smart phone. Smart phone bumping around in pocket. Smart phone takes<br>
that as unlock(/"login"/authentication) attempts. Too many of those<br>
(sort'a like pocket/butt dial), and the phone bricked itself. All<br>
data gone. Just because the phone was bouncing around in the pocket for<br>
some bit. "Oops." So, yeah, I do know of such software/devices<br>
that'll do that. Typically 10 to 20 failed attempts and ... bricked.<br>
A lot more persnickety stuff gives one grief after as little as 3<br>
failed attempts - like requiring administrator to reset/unlock after<br>
3 failed attempts.<br>
<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><br>R "Texx" Woodworth<br>Sysadmin, E-Postmaster, IT Molewhacker<br>"Face down, 9 edge 1st, roadkill on the information superdata highway..."<br></div>