
[Closed] Screen lock time on work Windows PCs

Posts: 2022
Full Member
Topic starter
 

Looking for feedback about how long other companies set the timer to lock Windows PCs when they are not being used.

My company currently has this set to five minutes but our new security manager has said he is going to set this to two minutes which seems... silly.

We are not in the top secret business and most users are pretty good at locking their machines when they leave them.

My gripe is that the project I work on means that I mainly use a laptop supplied by a customer for doing config stuff but I use my company laptop for email, IM and researching things. I often go more than five minutes without touching it and have to unlock it - counted today and did it 19 times.

With a two minute timeout I will either be unlocking 100+ times a day or just not bothering to check email or respond to IMs.

Is there any recommendation from CESG or similar for this? - we have not had any data issues and this two minute setting seems to have been pulled out of the air by someone who only uses one device.


 
Posted : 21/10/2019 10:00 pm
Posts: 4675
Full Member
 

Ours is pretty short, but I haven't measured it yet. I guess I have to unlock my PC about 10 times a day. It's a pain but nothing we (the normal users) can do about it.


 
Posted : 21/10/2019 10:06 pm
Posts: 7169
Full Member
 

Who are you letting on site that could target an unlocked laptop in 5 minutes?

I think ours is 15 minutes.


 
Posted : 21/10/2019 10:17 pm
 ajaj
Posts: 0
Full Member
 

Went through this at work recently.

NCSC say 600 seconds.
PCI DSS 15 minutes.
NIST 15 minutes.


 
Posted : 21/10/2019 10:22 pm
Posts: 2314
Full Member
 

Search eBay for a 'mouse jiggler'.

No really, it's what they are called.


 
Posted : 21/10/2019 11:05 pm
Posts: 2022
Full Member
Topic starter
 

Thanks chaps, exactly what I had hoped for - great work!


 
Posted : 21/10/2019 11:27 pm
Posts: 0
Free Member
 

I set mine for 2 minutes, with the screen turning off after 1 minute, but I use the PIN code instead of password so it just takes a second to unlock it. My office is reasonably secure, but our organization has been hacked in the past and if we get audited, I want to be sure that I don't have any explaining to do.


 
Posted : 22/10/2019 12:03 am
Posts: 45504
Free Member
 

Same as hols - I use a pin that is much faster. I've set ours quite quick as we are in a shared building.


 
Posted : 22/10/2019 7:29 am
Posts: 8613
Full Member
 

I work in a high security environment and have a couple of PCs as one of the security levels need to be air-gapped - both are on 15 minute screen locks (set by domain policies). We also have a general policy if you leave your desk you manually lock your PCs (pretty standard stuff). I also need to connect into a mid classification environment (OFFSEN) via RDP and the idiot in control of that environment has enforced a 5 minute screen lock and it drives me nuts. I've let him know (in a semi-professional way...) what I think of the policy - he never responds to my emails though :p

2 minutes is an absolute joke and a clear sign your security manager doesn't know what he's doing. Let me guess he's also recommended 30 day password changes?


 
Posted : 22/10/2019 8:05 am
Posts: 15068
Full Member
 

Ours got set to a really short lock time a while back, but eventually reverted back to a more sensible time, as literally everyone was kicking off about it, literally if you turned around for a quick discussion with someone, you'd be locked when you turned back around.

After about a month the policy was dropped.


 
Posted : 22/10/2019 8:47 am
Posts: 0
Free Member
 

2 minutes is an absolute joke and a clear sign your security manager doesn’t know what he’s doing.

Our security manager is a joke, to be sure, but I set the 2 minute lock screen myself so that I don't have to worry if I forget to lock it when I walk away. If I haven't used the keyboard or mouse in two minutes, I'm not really using the computer and it only takes a second to enter a 4-digit pin.


 
Posted : 22/10/2019 9:04 am
Posts: 8613
Full Member
 

Our security manager is a joke, to be sure, but I set the 2 minute lock screen myself so that I don’t have to worry if I forget to lock it when I walk away. If I haven’t used the keyboard or mouse in two minutes, I’m not really using the computer and it only takes a second to enter a 4-digit pin.

Firstly - you shouldn't be forgetting to manually lock your screen, setting a short screen lock as a way to mitigate that is bad practice as human nature means you end up actually relying on that rather than getting into the screen lock habit. Also 2 minutes is more than enough time for you to have walked away and for someone to access your PC before it locks.

Secondly - a PIN is NOT good security without 2FA in a corporate environment. A Windows PIN is fine (and is arguably better than a password) for home use but not in a corpo environment with a domain (without 2FA), especially when this scenario is all about someone having physical access to your PC. If you're also using 2FA (bio-metric rather than token) then I can see why unlocking is quick enough that a short screen lock time is less inconveniencing - however it still doesn't justify a short screen lock time in the first place.


 
Posted : 22/10/2019 9:23 am
Posts: 80
Free Member
 

Got Skype (for Bus) on your work machine?

Set up a conf call and join it, you can be the only attendee, but unless your IT dept have changed that as well then it will stop it locking 😉


 
Posted : 22/10/2019 9:28 am
Posts: 0
Free Member
 

Firstly – you shouldn’t be forgetting to manually lock your screen, setting a short screen lock as a way to mitigate that is bad practice as human nature means you end up actually relying on that rather than getting into the screen lock habit.

I don't rely on it, but it's there just in case I forget. I always manually lock my machine when I walk away, but sometimes people forget obvious things so having a backup is sensible.

Also 2 minutes is more than enough time for you to have walked away and for someone to access your PC before it locks.

We have two people to an office in my building, with hundreds of people scattered over multiple buildings, some in single offices, others in large shared offices. I trust my colleague, we get on very well and he's utterly professional. When we leave the office unattended, even for a minute, we always lock the door. However, he did once leave his keys in the door for a few minutes when he got distracted when he was locking up. Not good, but the sort of mistake humans make. The chances of a casual hacker just wandering in and accessing a machine is pretty small, but a professional would probably have little trouble given that the janitorial staff are pretty slack with keys. On top of that, our IT people are utterly hopeless, so I set a short screen lock just in case our system gets hacked again and I have to show that I'm keeping stuff secure. Last year, someone opened an unsolicited PDF attachment and the system got hacked.

Secondly – a PIN is NOT good security without 2FA in a corporate environment. A Windows PIN is fine (and is arguably better than a password) for home use but not in a corpo environment with a domain (without 2FA), especially when this scenario is all about someone having physical access to your PC. If you’re also using 2FA (bio-metric rather than token) then I can see why unlocking is quick enough that a short screen lock time is less inconveniencing – however it still doesn’t justify a short screen lock time in the first place.

You have no idea how incompetent our IT people are. I'm not in the IT department, I don't set those policies. I'm just covering my arse for the inevitable time when we get hacked again.


 
Posted : 22/10/2019 9:42 am
