Wish-It-Was Two-Factor Security

Started by Thorin, August 09, 2010, 11:28:32 AM

Previous topic - Next topic

Thorin

Some (most?) of us on here are in IT, whether developer or network admin or system admin, or something.  Have you ever wondered why we get asked security questions now, or whether they're any use?  I was surprised to find background info about this on DailyWTF, of all places:

http://thedailywtf.com/Articles/Wi@%&#Was-TwoFactor-.aspx

Which just reminds me that security is incredibly easy to get wrong, as it only takes one weak link to make the security chain break. "One way to do it right, ninety-nine ways to do it wrong".
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful

Darren Dirt

180+ comments, and one of the very earliest of them nailed it:

"Just put a post-it on the monitor!! DUH!"

aka "this kind of isn't-really-2-factor authentication encourages non-techies to just do what you are trying to prevent in the first place!" lol
_____________________

Strive for progress. Not perfection.
_____________________

Thorin

It's interesting to read what some banks in Europe do.  For instance, sending a text message to your mobile for each transaction you want to do.  As one poster said, it's much harder to spoof your mobile...
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful

Lazybones

I just get Bad Request (Invalid URL) with that link

Ha it didin't like wish it was

Lazybones

At most it is brute force protection, but honestly how hard are most of those to guess or google?

Thorin

Quote from: Lazybones on August 10, 2010, 07:26:13 PM
I just get Bad Request (Invalid URL) with that link

Ha it didin't like wish it was

Huh?  Oh, blocked at work or something?
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful

Lazybones

Quote from: Thorin on August 10, 2010, 08:06:03 PM
Quote from: Lazybones on August 10, 2010, 07:26:13 PM
I just get Bad Request (Invalid URL) with that link

Ha it didin't like wish it was

Huh?  Oh, blocked at work or something?

No the forum swear filter replaced the characters.