Gregory's ServerIf you access corporate email on a personal device that can be unlocked with FaceID, you must change your face at least once every sixty days.
You may not reuse any of your most recent 12 faces.
 69 comments
 @elfin @maxleibman @juliewebgirl Which face manager do you use? I use 1Face and have heard good things about FaceWarden. Stay away from LastFace, too many face leaks as of late    @maxleibman our policy is to change faces every 30d, unless there's indication your face has been compromised. In that case an immediate face change is required to access company assets. @jackscerebellum @maxleibman We also enforce Strong Faces that can't be easily identified by others.    Please contact the technical support desk if you have forgotten your face and need help resetting it. @maxleibman Our support desk is finding it hard to recruit: it’s hard to find people with decent tech knowledge along with mobster level face-rearranging skills. @johnhudswell “No one wants to work anymore,” lamented Lenny “The Shark” O’Hanlon, technical support desk supervisor. @maxleibman Not all accounts allow for self face reset. That needs to be enabled by face admins.  @maxleibman by biometric breach and soon someone will be @maxleibman My Schwarzenegger face is impossible to forge as it has too much muscle for most geeks who just sit like blobs. @maxleibman Only person who can actually access her phone after a year is going to be the witch from Return to Oz. 😅 @maxleibman So that's what they mean by self-effacing, or should we say 'self e-facing.' @maxleibman @SpeakerToManagers I’m currently discussing Bring Your Own Disaster and am so going to use this… @maxleibman lol just reminded me my work password is due to change in 12 days- it has gotten so ridiculous the parameters you must meet for your password I got it down pack now- as long as I don’t run out of colors and professional sport team names I can last until seven more years until retirement  @maxleibman In a similar vain. Had a lock screen pin with 9 digits on my work-supplied Android. Outlook on that phone demanded a safer pin for the device, the last 4 digits were descending. Apparently a big no-no. Tried only the first four digits of that same pin, it worked. Now my work phone only has a 4 digit pin because modern big-corpo digital security is a circus show. @DaCool I was actually thinking about the PIN rules for our MDM when I thought of the faces joke. We have a similar rule—a six-digit PIN is required, but you can't have three or more consecutive ascending or descending digits. (And not just sequential—"981" would trip the rule.) No, despite how often I invoke the hashtag, I am not an #infosec professional, but: if you are constrained to a universe of only a million possible PINs, why eliminate tens (hundreds?) of thousands of possibilities? @maxleibman When people busy themselves writing "guidelines" instead of, gee, making this stuff secure and convenient on a factual basis. <Insert Password XKCD here> My workplaces larger overlord org still uses the abysmal "Use a new password every X months" rule despite all IT's petitions and recommendations of MS and standardisation bodies against it. Ticking checkboxes instead of making an actual effort always rubs me wrong.  @maxleibman your new face must contain at least one non-alphanumeric character, but we won't tell you which ones are special and will break our servers. @maxleibman I tried to set a face that would take about 14 million years to brute force crack.  Employees are once again reminded not to leave their faces (even expired ones) stuck to their keyboards, blotters, or monitors.  @maxleibman Thinking about this upon reading that Amazon's Whole Foods lets you pay with palm print mow Please note that we have updated our security policy to accommodate Apple’s Vision Pro and OpticID: If you use OpticID to unlock a device with access to corporate data, you must change your retina at least once every sixty days. You may not re-use any of your most recent 12 eyeballs.   @maxleibman Lawyers and politicians start with a bonus face each, so they're ahead of the game.  @maxleibman Your face must include at least one eye and one nostril and one special expression.  @maxleibman I wonder if your faceprint could include a <special object> which you have to hold up when unlocking? aka Multi-Factor FaceID 🧐 This is no problem. I already have an "excited to be here!" to "what the fuck am I doing here?" 12-month gradient of faces   @maxleibman at the bar 🍻 Honey, I gotta get into my monthly bar fight! 😩....I need a new face. It's for work! Excuse me big fellow, are you too fat for that burger? 🤕...yes, I refreshed my face on my desktop! I just don't have access to my previous face to get into my laptop! @maxleibman If humanity manages to last long enough for the cyberpunk dystopia to happen, this may unironically be a thing :P  @maxleibman I took my fingerprint off my phone when I traveled because I got paranoid and never added it back |
@maxleibman I had to share this around the office as I laughed too loud.
They laughed too!