Post AZvUXRMsZKfEGAdTLE by dpreacher@freeradical.zone
(DIR) Post #AZueRTI7JJ3Us2Ez8i by tek@freeradical.zone
2023-09-19T03:43:14Z
0 likes, 0 repeats
Today an old friend texted me: “You busy? Our salesperson opened the phishing email and used their creds to log into the URL in it. Now what?” Initial reaction: I’m not even supposed to *be* here today. Second: Aww, I’m flattered you thought of me! Third: *cracks knuckles* Alright, we’ve got some work to do.
(DIR) Post #AZvHjoXWwZQyCGBh4q by smallerdemon@freeradical.zone
2023-09-19T11:03:34Z
0 likes, 0 repeats
@tek A salesperson you say?
(DIR) Post #AZvR0BpD2M0adRL9BA by Archilochus@freeradical.zone
2023-09-19T12:47:23Z
0 likes, 0 repeats
@tek I think your first reaction was the right one. The damage was done. Your free time is valuable.
(DIR) Post #AZvUXRMsZKfEGAdTLE by dpreacher@freeradical.zone
2023-09-19T13:27:00Z
0 likes, 0 repeats
@tek my first thought went to.. "i want to study this brain that doesn't pause to suspect. this resident of utopia". secondly, i'm thinking what does it take to overwhelm a brain such that it drops its guard at the moment they type in their creds. and why do people still type creds when cred managers do a better job at being suspicious of pretending domains. is it not possible to say enforce password manager like a domain policy across the network and especially on end user devices?
(DIR) Post #AZvXYoQQcz7ZvGdqDY by tek@freeradical.zone
2023-09-19T14:00:49Z
0 likes, 0 repeats
@smallerdemon
(DIR) Post #AZvY0d6YJLBev9bpE8 by tek@freeradical.zone
2023-09-19T14:05:53Z
0 likes, 0 repeats
@Archilochus There’s that, but I wasn't using euphemisms. This really was an old friend calling to ask for help. I didn't even know how to say the name of the company.
(DIR) Post #AZvYFK7RBKCANi1taK by tek@freeradical.zone
2023-09-19T14:08:32Z
0 likes, 0 repeats
@dpreacher That's an excellent conversation they should be having. Also, SSO everywhere possible. At one job, we cranked our password requirements ridiculously high to make people become friends with their password manager. “Either learn how to type cmd-\ at the password prompt, or get ready to memorize 100 characters with at least 15 punctuation and 15 numbers.”
(DIR) Post #AZvYb7z0z0nD76UGA4 by dpreacher@freeradical.zone
2023-09-19T14:12:30Z
0 likes, 0 repeats
@tek though it does suck when it comes to unlocking the laptop which is a windows device tied to my SSO account. I haven't seen a password manager that can fill that yet...or should be allowed to. I set the password manager to generate the lowest number of characters allowed and i filter out the non allowed characters and i think i do the don't use similar looking characters. anyways when i gotta change in next 4 months, that password is random enough...and obviously unique.
(DIR) Post #AZvYfo40TF6AmZ3LCi by dpreacher@freeradical.zone
2023-09-19T14:13:21Z
0 likes, 0 repeats
@tek i'm sure you had a halo over your head that spelt "BOFH" when you thought about that password complexity
(DIR) Post #AZwcjLnk5LHnGGLoLA by Archilochus@freeradical.zone
2023-09-20T02:33:32Z
0 likes, 0 repeats
@tek Oh, it read like you were getting called in on a day off.
(DIR) Post #AZwcvveqb5dJwYBilc by tek@freeradical.zone
2023-09-20T02:35:47Z
0 likes, 0 repeats
@Archilochus Ohhh, got it. Nah, it was a favor for a non-work friend.