What's /g/'s position on that security tech? Do we really need it since it's not 100% secureproof? Can it evolve into something more secure and less annoying? Will something like YubiKeys become the norm in the future?

>>108264567
it certainly doesn't hurt to have it. especially if you're a megacorp responsible for corralling thousands and thousands of retards

>>108264575
I think at this point, 2FA should be mandatory and a part of the account creation process. The problem is that almost every company makes certain that the option to activate 2FA is somewhere hidden in the fucking options. I know some normies that got their gmail accounts hacked because they didn't know that there was a 2FA option at all

>>108264567
has applications but as implemented mostly an annoyance. my passwords were plenty secure.
if it's sms and especially if it's one that doesn't even bother with the password (looking at you cvs) an actual security downgrade.

>>108264567
It offers no significant security improvement if you already use a strong password. Users should always have the option to opt out of 2FA with the understanding that if their account gets hacked they're fucked.

>>108264567
Tokenize the system

>>108264642
it also introduces all kinds of extra failure modes to keep track of
although that ship has sailed now that everyone uses cloudflare to decide if you're legit:
>we're sorry you cannot log into delta.com from a location you've never been to before
>the location: the atlanta airport

>>108264646
More like
>TOKENIZE THE PLANEEEEEEET

>>108264567
These are not implemented as some advanced high-tech security measures or something 100% secureproof, if we are talking about OTP MFA. These are implemented and enforced onto retards with reused passwords like "Password123" who regularly fuck-up entire security model and then costs companies lawsuits.
Weakness of OTP is set-up code. But it is pretty complex to exfiltrate or to exploit - in most cases, you need to be tracking your victim even before OTP is configured, or to somehow make the victim to expose set-up code. It is still susceptible to phishing attacks - but you generally gonna have easier time making the retard to log-in into fake website, rather than getting them to spill the set-up code from their password manager.
Other MFA measures (fingerprint, face, smart card, YubiKey, passphrase, etc) - are also having their own drawbacks.
The goal of any security measure is not to make something 100% secure - it is impossible to reach 100% security and there will always be a weak link in any security model. The goal is to make it as annoying as possible and to take as much time as possible to break security - but here you also have to cope with retards complaining about "muh productivity".

>>108264655
>92% uptime
>that's good, right?

I think the world would be more betterer if less people were fucking retards incapable of using keys instead of passwords
>>108264567
2FA was always a pointless meme
I'd rather use a password + pin instead

>>108264567
>Do we really need it
Yes
>it's not 100% secureproof?
Depends on the method.
>Will something like YubiKeys become the norm in the future?
I doubt it. If security keys become extremely important I'd hope all those in charge use nitrokeys instead. Personally I'd not run any company that doesn't have security keys for 2FA.
>>108264642
Wrong, there are multiple attack vectors, especially since you didn't specify not reusing passwords.
>>108264694
>Weakness of OTP is set-up code. But it is pretty complex to exfiltrate or to exploit - in most cases, you need to be tracking your victim even before OTP is configured, or to somehow make the victim to expose set-up code. It is still susceptible to phishing attacks - but you generally gonna have easier time making the retard to log-in into fake website, rather than getting them to spill the set-up code from their password manager.
TOTP has a shared secret, so if the service gets hacked you could be compromised if they also didn't hash the passwords or didn't use a salt/pepper.
>The goal of any security measure is not to make something 100% secure - it is impossible to reach 100% security and there will always be a weak link in any security model.
Best sentence itt so far.

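Added example, not part of any post in the thread: the shared-secret property of TOTP mentioned in the post above, in Python. The service has to keep the seed in recoverable form, so the stored seed alone yields a code the verifier accepts, whereas a salted password hash cannot be replayed as the password. The seed is the RFC 6238 test value; the record layout, function names and password are constructed for illustration.

```python
import hashlib
import hmac
import struct

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(seed, int(unix_time) // step, digits)

def verify_totp(seed: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check; tolerates +/- `window` steps of clock drift."""
    now = int(unix_time) // 30
    ok = False
    for counter in range(max(0, now - window), now + window + 1):
        # compare_digest avoids leaking how many digits matched
        ok |= hmac.compare_digest(hotp(seed, counter), submitted)
    return ok

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_password(record: dict, attempt: str) -> bool:
    return hmac.compare_digest(hash_password(attempt, record["salt"]), record["pw_hash"])

# Constructed account record as the service would store it.
SALT = bytes(16)  # fixed salt only so the demo is reproducible
RECORD = {
    "salt": SALT,
    "pw_hash": hash_password("constructed-demo-password", SALT),  # one-way
    "totp_seed": b"12345678901234567890",  # RFC 6238 test seed, recoverable
}

def code_from_stored_seed(record: dict, unix_time: int) -> str:
    """The stored seed is everything needed to compute the current code."""
    return totp(record["totp_seed"], unix_time)

if __name__ == "__main__":
    t = 59  # RFC 6238 test time
    code = code_from_stored_seed(RECORD, t)
    print("code from stored seed:", code, "accepted:", verify_totp(RECORD["totp_seed"], code, t))
    print("stored hash usable as password:", check_password(RECORD, RECORD["pw_hash"].hex()))
```

Encrypting seeds at rest with a key held outside the account database limits what a database-only leak exposes.
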
>>108264642
Using a strong password doesn't matter one shit when they buy your strong password off a list of accounts of a list from breached sites tardo

>>108264567
>What's /g/'s position on that security tech?
it's malware

>>108264567
It's just a way to force you to rely on your phone for everything.

>>108266834
if their site is breached then the attackers don't need the passwords...

>>108264567
something like TOTP is a good balance of added security without being too much of an extra hassle

>>108264567
>What's /g/'s position on that security tech?
Poorly implemented and pushed as theater to satisfy other agenda.
>Do we really need it since it's not 100% secureproof?
Then you're doing it wrong.
I'm using 2FA to secure access to my servers. Good luck getting in without my private key.
>Can it evolve into something more secure and less annoying?
It doesn't need to evolve. It just needs to not be implemented like a fuckwomble.
>Will something like YubiKeys become the norm in the future?
Probably. But only because stupid fucknuckles like yourself have proven history of intentionally selecting the cuck options freshly built to cuck you when the proven systems have been sat on the shelf for decades.
>>108264601
>The problem is that almost every company makes certain that the option to activate 2FA
That's not the problem, at all. In the slightest.
The problem is most of what they push as 2FA really isn't, with a disturbing number of implementations that actively reduce security.
>>108264642
>It offers no significant security improvement if you already use a strong password
Passwords can be guessed. Improbable isn't impossible.
Sure. The same brute force paradigm applies equally to the likes of x.509 keys. But I've not seen a properly implemented example of that fall yet, and properly implemented passwords have evidenced fail...

>>108264567
Fellas, I'd like to use OTP but I don't trust Jewgle. Is there another Authenticator that runs locally?

>>108264567
TOTP is plenty secure AS LONG AS YOU HAVE SECURE BACK-UPS OF YOUR CODES, SMS introduces jeet based vulnerabilities if someone figures out your phone number

>>108269622
proton