Some of the mouse jigglers are physical devices that actually move the mouse itself in some fashion.
My personal feelings on this are that if you’re in the office, have at it. You should be working or at least doing the usual old-school ways to dodge work - coffee breaks, talking to other employees, taking a long bathroom break, etc…
But if you’re working from home, it’s a different story. I mean, nobody’s looking over your shoulder, so if you’re in a position where there might be some amount of downtime or at least where you’re allowed to budget your own time, then it’s about the work you do, not how long you spend doing it, when you choose to do it, or anything like that. Someone may choose to work on their project in two-hour chunks - 8 to 10, 12-2, 4-6, and 8-10, and put in a full eight hours, but if some doofus is watching their mouse activity, they’re going to see big inactive spaces from 10-12 and 2-4, and I almost guarantee they’re also not noticing that this person is working 5-6 and 8-10. In that case, I can see someone using a mouse-jiggler to provide the illusion that they’re there while they do other stuff, because their employer doesn’t trust them and doesn’t track after-hours work during work-from-home days well.
The system only stores the past password hashes. When you type in a prospective new password, the system hashes it and compares it to all previously stored hashes. Any match means you’re reusing a previous password.
So how does it check variations? It takes the prospective password, computes variations of it, and then hashes of those variations. Any match to a previous hash means your prospective password is too similar to a previous one.
No, only storing the hashes is how it should work.
That’s doable, but you’re pretty tightly constrained on what counts as “similar”, then. Let’s say you have a 20-character password, and you change only two characters. If you have the plaintext of both passwords, you can easily see that it’s very similar. But to use your method, to catch that, you’d need to check 1,678,840 variations of the new password. And hash functions should be at least somewhat slow, even operating in the forward direction, which probably makes that many hashes impractical.
I am not sure that is true; it is certainly not what is recommended in RFC2945 or more sophisticated protocols. However, let us say $H$ is a hash function. If the server stores the values $H(p)$ and you change your password from $p_\text{old}$ to $p_\text{new}$, then the server can trivially tell whether or not $H(p_\text{old})=H(p_\text{new})$. Whereas, if, at the very least, the server stores $\bigl(H(s,p),s\bigr)$ for some random salt $s$, it is no longer obvious whether or not $H(s_\text{new},p_\text{new})$ and $H(s_\text{old},p_\text{old})$ represent the same password.
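An added example, not part of any post in this thread, of the scheme the posts above debate: a server that keeps only salted hashes still detects reuse and near-reuse at change time by re-hashing variants of the new plaintext under each stored salt. The function names, the PBKDF2 choice, the low iteration count and the 95-character printable-ASCII alphabet are assumptions made for the demonstration; with that alphabet the two-character count for a 20-character password comes out to the 1,678,840 quoted above.

```python
import hashlib
import hmac
import os
import string
from math import comb

# 95 printable ASCII characters (assumed password alphabet)
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "
ITERATIONS = 200  # demo value only; production KDFs are tuned far slower


def variation_count(length, changed, alphabet_size=len(ALPHABET)):
    """Number of strings differing from a password in exactly `changed` positions."""
    return comb(length, changed) * (alphabet_size - 1) ** changed


def hash_password(password, salt=None):
    """Return (salt, digest): the only things the server keeps."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def matches(password, record):
    """Re-hash a plaintext guess under a stored record's salt."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def one_char_variants(password):
    """The password itself plus every single-character substitution."""
    yield password
    for i, original in enumerate(password):
        for c in ALPHABET:
            if c != original:
                yield password[:i] + c + password[i + 1:]


def too_similar(candidate, history):
    """True if the candidate, or a one-character variant, matches any stored hash."""
    return any(matches(v, rec) for v in one_char_variants(candidate) for rec in history)


if __name__ == "__main__":
    history = [hash_password("Winter2023!"), hash_password("Summer2023!")]  # constructed
    print(too_similar("Winter2024!", history))     # one substitution from an old password
    print(too_similar("Correct-Horse-9", history))
    print(variation_count(20, 2))                  # hashes needed per stored entry
```

Because every history entry has its own salt, the variant set has to be hashed once per stored entry, so the work is the variation count multiplied by the history depth and by the cost of one slow hash.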
On the contrary, there’s a constant struggle in the corporate world between mere amoral capitalism, and outright bigotry, cruelty and power tripping. And the former loses as often as it wins; it’s common for companies to behave in ways that cut into their profits because of such irrational reasons.
Companies will nearly always pick the option that screws over their employees and customers the most, regardless of how much evidence there is that doing so loses them money.
This, but not teams. I get disconnected from my ‘work’ computer if it doesn’t see ‘use’ for 10 minutes (haven’t actually timed it).
In our case it’s a security thing. I understand, but it’s aggravating. We are required to have very complex passwords. Once connected into my work computer, I often do a remote data connection to a server I manage which has the same policy of saying ‘bye, bye’.
I will sometimes use my home computer to research things. I can minimize my work computer and get all my home computer’s screen real estate. This effectively gives me two 43" screens. When I try to open my connection to my work computer it has often shut me out.
I work from home. I’m alone all day. The only ‘security’ issue would be me.
Hah - same here. I use a smart card to access my client-supplied computer. You’re supposed to remove it and take it with you when away from your computer… at the office. I don’t bother!
One of the systems I remote into requires me to input a password with each connection. I can paste that in from my vault. But when it times out, pasting DOES NOT WORK. So the password I choose has to a) meet complexity requirements, and b) be something I can remember well enough to type.
I agree with you in general that profit is the only point of a business. However, businesses are run by people, who have their own profits in mind, regardless of whether or not that aligns with helping the company. So if they can convince others that the employees need tight supervision, that makes their own jobs more secure because they will be the ones to do that supervision.
Strictly speaking, you are working outside of the corporate firewall. The security “issue” is that you could be in your home, a coffee shop, hotel, airport, or wherever where anyone could potentially (in theory) access your computer.
Strictly speaking yep. In theory. No different if someone was in my home, or at the office. Well, my home is much more secure.
We now have cards to access buildings. Mine is pretty much the keys to the kingdom. My department can get into any structure and office in multiple buildings.
And sure enough, right on the card, and the freaking lanyard it’s attached to, the name of our company is printed.
It’s f’n stupid. I complained that the company name should not be on there. An employee picture, fine.
Not likely that a person with nefarious intent would find/steal it, but don’t put that name on there.
Doesn’t really matter to me. The last time I used my card was to take my wife some hiking shoes at her building and office on a Saturday.
The same security issues that exist with the company name on the card would also exist without the company name on the card. It wouldn’t be hard at all for a malefactor to figure out what company the card is for. Having the company name on the card, however, makes some very important security features much easier. Like, for instance, everyone being able to tell at a glance when someone ends up somewhere that they don’t belong.
Our badges require a PIN to use. The only thing a stolen badge would get you past is the cursory look that everyone is wearing a badge. To actually go through a door requires a PIN. And different security areas have different PINs.
If someone finds a namebadge without a company name on it, they could just try it in the top few largest employers in the entire county. Except that they probably wouldn’t even need to go to that effort, because if the second-largest employer in the county didn’t have their company name on their cards, then pretty quickly everyone would know that the cards with no company name on them are for that company.