• NobodyElse@sh.itjust.works · ↑59 · 20 days ago

      I did that because 2 minute screen lock plus crazy long password requirements made working hell. The alternative was going to be an Arduino USB HID device that typed the password when a button was pressed.

      Having unrealistic, bad security rules is counterproductive.

        • SolarMonkey@slrpnk.net · ↑33 · 20 days ago

          My prior job logged everyone (employees and customers alike) out of the portal after 5 min of inactivity, but uploads to the site often took much longer than that, to say nothing of checking things over, so half the support contacts we got were whining about the timeout, and the only thing I had to say to the people complaining was “yeah man, we have the timeout too, and have to use the site on and off all day, year round, not just for three days a year… I totally agree with you, it doesn’t help, but even our dummy data on test accounts is subject to those rules, so I can’t help you…”

          Instead, I learned the site inside and out by memory (I built the knowledge bases for everything, as a result) and sent the security team every article I could find about how short timeouts were bad for SaaS security because they make people use less secure passwords and skip MFA.

      • Karyoplasma@discuss.tchncs.de · ↑8 · edited 19 days ago

        One job I had also had a 2 min lockout. My solution was to let a really long YT video play in fullscreen when I left the laptop. That prevented the lockout.

        Thanks to whoever uploaded a 10h loop of the Nyan Cat song, you are a hero.