If you access corporate email on a personal device that can be unlocked with FaceID, you must change your face at least once every sixty days.
You may not reuse any of your most recent 12 faces.
Max Leibman
Josh
@elfin @maxleibman @juliewebgirl Which face manager do you use? I use 1Face and have heard good things about FaceWarden. Stay away from LastFace, too many face leaks as of late
Esther Payne
@maxleibman This is how Repo! The Genetic Opera starts isn't it.
Matt Stewart
@maxleibman our policy is to change faces every 30d, unless there's indication your face has been compromised. In that case an immediate face change is required to access company assets.
Mastodon Juan :donor:
@jackscerebellum @maxleibman We also enforce Strong Faces that can't be easily identified by others.
Jeff ⌨️ Darcy
@mykl @jackscerebellum @maxleibman Are you saying long faces are better for security?
Max Leibman
Please contact the technical support desk if you have forgotten your face and need help resetting it.
John Hudswell
@maxleibman Our support desk is finding it hard to recruit: it's hard to find people with decent tech knowledge along with mobster level face-rearranging skills.
Max Leibman
@johnhudswell “No one wants to work anymore,” lamented Lenny “The Shark” O’Hanlon, technical support desk supervisor.
Jim :aim_logo: :OhNoBubble:
@maxleibman Not all accounts allow for self face reset. That needs to be enabled by face admins.
llewelly
@maxleibman by biometric breach and soon someone will be
ะะพัะฐะฝ ะะฐะฝะดะตะบะธั ๐ฅท๐บ๐ฆ๐ท๐ธ๐ฆโค๏ธ
@maxleibman My Schwarzenegger face is impossible to forge as it has too much muscle for most geeks who just sit like blobs.
Cat-in-a-hat
๐๐คฃ๐๐คฃ๐
Sapphic Hazard
@maxleibman Only person who can actually access her phone after a year is going to be the witch from Return to Oz.
Kerry Tomlinson
@maxleibman So that's what they mean by self-effacing, or should we say 'self e-facing.'
Murphy's Lawyer
@maxleibman @SpeakerToManagers I'm currently discussing Bring Your Own Disaster and am so going to use this…
Dr.Susan Bushinski
@maxleibman lol just reminded me my work password is due to change in 12 days- it has gotten so ridiculous the parameters you must meet for your password I got it down pack now- as long as I don't run out of colors and professional sport team names I can last until seven more years until retirement
DaCool
@maxleibman In a similar vein. Had a lock screen pin with 9 digits on my work-supplied Android. Outlook on that phone demanded a safer pin for the device, the last 4 digits were descending. Apparently a big no-no. Tried only the first four digits of that same pin, it worked. Now my work phone only has a 4 digit pin because modern big-corpo digital security is a circus show.
Max Leibman
@DaCool I was actually thinking about the PIN rules for our MDM when I thought of the faces joke. We have a similar rule—a six-digit PIN is required, but you can't have three or more consecutive ascending or descending digits. (And not just sequential—"981" would trip the rule.) No, despite how often I invoke the hashtag, I am not an #infosec professional, but: if you are constrained to a universe of only a million possible PINs, why eliminate tens (hundreds?) of thousands of possibilities?
DaCool
@maxleibman When people busy themselves writing "guidelines" instead of, gee, making this stuff secure and convenient on a factual basis. <Insert Password XKCD here> My workplace's larger overlord org still uses the abysmal "Use a new password every X months" rule despite all IT's petitions and recommendations of MS and standardisation bodies against it. Ticking checkboxes instead of making an actual effort always rubs me wrong.
Chaotic Natural 20
@maxleibman your new face must contain at least one non-alphanumeric character, but we won't tell you which ones are special and will break our servers.
Michael Holroyd
@maxleibman I tried to set a face that would take about 14 million years to brute force crack.
PhDog 🇮🇪
Employees are once again reminded not to leave their faces (even expired ones) stuck to their keyboards, blotters, or monitors.
Eli the Bearded
@maxleibman Thinking about this upon reading that Amazon's Whole Foods lets you pay with palm print now
Max Leibman
Please note that we have updated our security policy to accommodate Apple's Vision Pro and OpticID: If you use OpticID to unlock a device with access to corporate data, you must change your retina at least once every sixty days. You may not re-use any of your most recent 12 eyeballs.
EaterOfSnacks
@maxleibman Lawyers and politicians start with a bonus face each, so they're ahead of the game.
Angus Marshall
@maxleibman Your face must include at least one eye and one nostril and one special expression.
Martin Hamilton
@maxleibman I wonder if your faceprint could include a <special object> which you have to hold up when unlocking? aka Multi-Factor FaceID
CodeByJeff
This is no problem. I already have an "excited to be here!" to "what the fuck am I doing here?" 12-month gradient of faces
guyinahat
@maxleibman at the bar: Honey, I gotta get into my monthly bar fight! ....I need a new face. It's for work! Excuse me big fellow, are you too fat for that burger? ...yes, I refreshed my face on my desktop! I just don't have access to my previous face to get into my laptop!
Retro Goth Bunny
@maxleibman If humanity manages to last long enough for the cyberpunk dystopia to happen, this may unironically be a thing :P
Empathic Qubit
@maxleibman I took my fingerprint off my phone when I traveled because I got paranoid and never added it back
@maxleibman I had to share this around the office as I laughed too loud.
They laughed too!