17

Fun though practical question.

You've accidentaly pasted and sent some internally used password, let it be your account pw or some server's root pw, into a company's chat channel with 100+ other employees. What do you do next? :)

P.S. deleting the message is not possible
P.P.S. this happens. Thanks to windows "Let me just quickly change window focus from putty to chat window" _FEATURE_ I've accidentally shared like a dozen of root passwords with others.

Comments
  • 11
    I would change it if it's my private password.

    I recommend using ssh keys and lastpass to avoid future mistakes ;)
  • 7
    Keys ftw when it comes to ssh, but for example my password database solution (GNU Pass) suffers from the same problem in Windows. To enter a password somewhere, I have to open WSL, pass show some/password, copy paste it somewhere else. Never pasted it in the wrong place so far, but I just leave it on the clipboard more often than I'd like to admit.

    Generally I'd immediately change the password, and if anyone calls me a fool over it.. well, these things happen unfortunately, and I doubt that that'd change until we get rid of the clipboard as a possible means for transferring passwords from one place to another. Until then, the occurrence of it isn't that important, it's the expedience at which it's dealt with.

    If it happens to be the *only* password that's used everywhere on the other hand.. but then, you wouldn't be copy pasting it anyway.
  • 3
    @wupewu yeeaaah, except ssh keys get out of sync eventually as they are rotated periodically and the roration agent cannot pull newest keys bcz for some reason server cannot connect to the NW. And you're connecting to the LPAR's console via ssh connection to HMC. Or, in Linux case -- you're connecting to the off-grid server via a serial console redirected to another host which you can access via ssh.

    ssh keys do not always work :) Especially when you have a huge estate and hundreds of various automated maintenance tasks.
  • 2
    @netikras In my company we have completely different case: any changes made by hand get overwritten, key authorization only ;)
  • 0
    @wupewu How do you use ssh keys to login as root in server's console via ILOm? :) Or via HMC console? Or via LDOM console? Or SunOS's sc> ? :) You get the picture
  • 6
    Allright, so back to the topic.

    Once to avoid attention I flooded the channel with like 10 more messages made of random chars, followed by "sorry, was cleaning my keyboard"

    The other time I followed the misposted password with "google.com[ENTER] facebook change password[ENTER]" to try and make channel participants believe it was my FB pw

    don't remember what other tricks I used for other cases :)
  • 1
    @netikras Maybe change keybinds to paste? ;)
  • 5
    Isnt putty right click to paste, and select to copy. And does ctrl v not work.

    Or was that the Ubuntu terminal. I always get them mixed up and annoyed by myself because I fail to copy and paste on the first try.
  • 3
    @MisterArie Yeah, you're right, bare putty does not paste with ctrl+v. However some putty wrappers do make this C-v keybinding work :) What sysadmins are using a bare putty nowdays ayway..

    On Ubuntu gnome-terminal has a keybind C-S-v for paste
  • 3
    @netikras that would be my father. He also still codes without color highlighting.
  • 2
    @MisterArie well.. some people like it smooth. Some people like it rough. What can I say.. :)
Add Comment