An actual tech support call....

[SC_SVRider]

This was a phone conversation I had today with a user.

 

User: I have a problem with my printer. I have been trying to print this MapQuest Map and it keeps printing blank pages.

 

Me: Hmmm. Well, are you able to print anything else? Can you print and email?

 

User: Let me try. No. It’s printing blank pages for that too.

 

Me: Well, when was the last time you were able to print?

 

User: This morning.

 

Me: Have you done anything differently since then?

 

User: Well I changed the Printer Cartridge earlier today.

 

Me: Ok. When you changed the printer cartridge, did you remember to take that protective strip that holds the toner in the cartridge?

 

User: Oh CRAP!

 

Me: I take it that’s a no? *smile*

 

User: Let me check.

 

Me: Ok I’ll wait.

 

User: Yep. It was still there. I took it out.

 

Me: Well try it now.

 

User: Its printing fine now.

 

Me: Imagine that!

 

User: You are a genius.

 

Me: I try.

[Marty Hill]

Hey Rainey,

 

I'm never gonna call you for tech support.

[SC_SVRider]

Hey Rainey,

 

I'm never gonna call you for tech support.

 

Sound to familiar Marty? LOL

 

See you Saturday!

[Marty Hill]

It did ring a bell.

[Huzband]

I'm just surprised that you gave GelStra you're phone number.

[Joe Frickin' Friday]

This was a phone conversation I had today with a user.

 

You do tech support? When did you move to India?

 

 

[BULLman]

At least it was plugged in

 

What I hate is when I tried everything I could think of, and the IT guy turns it off and than back on and it works fine

 

Of course, when you've done this already it can preplex them

 

Keep smiling

[smiller]

Hmmm, I just changed the printer cartridge and now I get blank pages... I wonder what it could possibly be? Better call tech support...

[ghaverkamp]

After years of talking about it, we're finally regularly expiring all user passwords every 6 months. Being as lucky as I am, it's my project.

 

We're doing around 6000 accounts total over the course of 3 months. Our help desk has been inundated by people claiming they've just changed their passwords, yet they're still getting expiration notices. Just today, a help desk staffer handled a user who said he changed his password weeks ago... But his old password continued to work!

 

The help desk folks reported going through the process with users, and though there was a "Change Password" button, users kept hitting the "Reset" button (which since the dawn of HTML forms has been a browser built-in to clear af orm) and assuming that when the form cleared, their passwords were changed. We've dropped that.

 

We have people who say they're using a variant of their old passwords, but we're not accepting it. Well, the message and the page notes that we've toughened our complexity requirements.

 

People don't notice that the requirements next to the new password field get marked off the list (even though it's now in the instructions) as they meet complexity requirements, and so they're confused when the (now solitary) button is not enabled.

 

People don't read and they don't pay attention. So, they stick toner cartridges in without removing those strips and they submit forms without looking at what they're doing (hence the success of phishing attacks.) It's maddening.

 

(Go ahead and say it... it's probably why Microsoft writes questions that make no sense.)

[Damean]

I've had a gentleman out in California scream at me for a good ten minutes one day because he couldn't get his wireless internet to work in the hotel. Cussed at me, the hotel, the equipment we used, just telling us how horrible the service was, how he never had problems until he staid at this hotel. After he ran out of steam, I reached over and flipped on his wireless card switch. He got a real dumb look on his face, and after 5 seconds of silence, started screaming about how he never had to do that in any other hotel he stayed at.......

 

People are just stupid sometimes

[Boffin]

We have people who say they're using a variant of their old passwords, but we're not accepting it. Well, the message and the page notes that we've toughened our complexity requirements.

 

I hate over-complex password requirements and I think they are inherently insecure. People can't remember them so they write them down, hence insecure.

 

Back on topic - I sit near our office scanner and I am an engineer in an office full of project controllers. I got tired of questions from people who could not understand that to work the scanner you select the Scanner icon on the PC. These days when asked I tell them I don't know how it works, otherwise I waste 15-20 minutes doing their scanning, file saving and organising for them.

 

Andy

[smiller]

I hate over-complex password requirements and I think they are inherently insecure. People can't remember them so they write them down, hence insecure.

Yes, that's got to be near number one on the list of obvious unintended consequences that IT people just don't seem to get. Requiring overly complex passwords (sometimes changed every month or so for good measure) invariably results in the passwords being written down, effectively reducing security rather than enhancing it.

[Woodie]

...and yet, auditors keep on coming in and making a "finding" that passwords have lengthy (or no) password change requirements, and no strength requirements.

 

Oh...and Microsoft OS and IBM Z/os define characters and rules differently!

 

For example, IBM password rules allow vowels and consonants. MS rules control lower case, upper case and numbers.

[ghaverkamp]

...and yet, auditors keep on coming in and making a "finding" that passwords have lengthy (or no) password change requirements, and no strength requirements.

 

Yes. We have strict "complexity" standards because auditors demand them, not because they're more secure. More secure passwords would require explanation the auditors don't understand.

 

However, I'm not entirely onboard with the idea that having written passwords is really terribly insecure. First, it depends on where they're written down. Lose a password stored in your wallet without anything tying it to a machine and what's lost? Not much.

 

Second, physical security is already critical. If you put your passwords on a Post-It on your machine and someone can just come by and take it, then sure, that's a problem. However, if your physical security is so weak that someone is going to be able to get at your machine, find your password cache, and have time to make something of it, then you've got bigger problems. If I've got that much access, I don't even need your written password; I'll just apply a password sniffer.

 

Most risks to passwords are remote, and unless you're living in a Star Trek universe, you can't get just any convenient remote camera angle on a piece of paper. That writing down passwords is inherently insecure is a myth.

[smiller]

That writing down passwords is inherently insecure is a myth.

No greater than the myth that someone is going to make a brute-force attack against my email password, which is what my IT dept. seems to think. I guess I should be honored.

[ghaverkamp]

No greater than the myth that someone is going to make a brute-force attack against my email password, which is what my IT dept. seems to think. I guess I should be honored.

 

The risk is that someone is going to nab the hashes and brute-force everything. From there, it's easy access. Once you're on a system, privilege escalation attacks are usually pretty easy.

 

There seems to be some agreement that longer, more memorable passphrases would be better than shorter, more complex passwords. The problems are as Woodie stated, that you've got to get auditors to buy into that, and that you've got to make sure all of your services handling passwords can handle them. Neither of those is insurmountable, but there are lots of crappy auditors and systems already in place.

[Dick]

That was really inconsiderate. Shaun could have waited with that problem until he got home.

[Chris K]

That was really inconsiderate. Shawn could have waited with that problem until he got home.

 

ROTFL!!

[Quinn]

Once I've solved someone's "dumb" problem, I think the best response is, "Thank you for giving me a problem that I could fix."

[Jerry Johnston]

Once I've solved someone's "dumb" problem, I think the best response is, "Thank you for giving me a problem that I could fix."

I've had doctors who had similar problems so it's not that they're dumb they just seem to draw a blank when it comes to computers or don't want to concentrate on it.

[SC_SVRider]

That was really inconsiderate. Shaun could have waited with that problem until he got home.

 

No comment.

 

 

 

 

 

 

 

 

 

No... It wasn't Shawn.

[NoHeat]

When you changed the printer cartridge, did you remember to take that protective strip that holds the toner in the cartridge?

 

I had exactly the same thing with my mother-in-law's ink cartridge. Except I wasn't clever enough to guess the cause of the problem when she described it over the phone -- I had to drive over there and discover it in person.

[eddd]

I'm the technical support person for my campus. Last Thursday I received this voice message:

 

"Mr. G., this is Mrs. M.

 

I need you to come and fix my printer. It isn't working, and I need to send an email."

[KrazyHorse]

My poor IT guy...I know I drive him nuts sometimes, but since we are kinda work-buddies (I actually call him my work husband) he can at least say the sarcastic things you other IT guys have to hold in.

 

In fact, he was teasing me so much the other day, after he left I put a piece of tape under his mouse. Got him too. He never checked the underneath and just replaced it with a new one the next morning when it would not work. Mua-hahahahaha!

 

I plan on jello-ing his stapler next.

 

And no, it's not red.

[Woodie]

My poor IT guy...I know I drive him nuts sometimes,

I put a piece of tape under his mouse. Got him too. He never checked the underneath and just replaced it with a new one the next morning when it would not work. Mua-hahahahaha!

 

I plan on jello-ing his stapler next.

 

And no, it's not red.

 

ROTF, LOL! Hacked by an end-user! That is toooo funny!