jaguiar

This probably shows my age...but 15 years ago I recall my assistant telling me of a help desk call he received where the user could not turn on their computer. After going through the usual diagnostics to no avail, he asked the user what happened prior to their discovering the problem. The user said that they were in the back of the building (not near the computers) for most of the morning when thunderstorms rolled in. During the storm, the power went out and everyone shuffled to the front of the building because of light from the windows (this is also where the computers were located). After about 20 minutes, the user decided that they could at least get something done while everyone was standing around. It was then that they discovered that the computer wouldn't turn on. At this point, my assistant got one of those "ah ha" moments and ask the question, "Are you still without power?" "Yes", said the user. My assistant kindly told the person that computers need power to work. DOH!! :o

Hi Hackling, Ah, the dreaded "more security = less security" dilemna has plagued us IT guys for decades. Two factor authentication is definitely the right path but you have to keep it simple or else it won't be used (or as you said, written down, aaahhh). I have found that if my users can just remember one solid password and use Lastpass with a Yubikey, their lives (as well as mine) can be a better one :) . Now, certain timeout adjustments should be made to the Lastpass settings depending on the user (ie, if the user doesn't touch the keyboard for X minutes, Lastpass automatically logs them out and they have to perform the TFA again). I've been using Lastpass with Yubikey for some time now and am very happy with the results. Those few times that I leave my Yubikey at home really show me how secure my passwords really are. I hope this reply helps you!