You are absolutely correct; it is more about the user having the feeling of being secure than an actuality of security that no system can truly provide. For the most part, if your infrastructure is good, your encryption is good and your users aren't giving away their passwords, an email and password is fine for most things. Another level for banking/financial solutions wouldn't go amiss: many will prompt you for a magical word and then ask you to pick one or two random letters. One I have provides a dongle which you can elect to use or not! Another bank I know still uses a classic ASP site and the passwords can be as short as 6 letters!!!
|
GuyThiebaut wrote: Most security systems can be cracked given enough time.
Don't forget the monkeys!
The United States invariably does the right thing, after having exhausted every other alternative. -Winston Churchill
America is the only country that went from barbarism to decadence without civilization in between. -Oscar Wilde
Wow, even the French showed a little more spine than that before they got their sh*t pushed in.[^] -Colin Mullikin
|
From a user point of perspective I find it a PITA
|
Yes, there is that as well. I have used it where receiving the token is not instantaneous whereas with the more traditional login you get feedback immediately.
|
R. Giskard Reventlov wrote: well, not praise it
Any examples of where it's bad?
cheers
Chris Maunder
|
Two-factor or not two-factor? That is the security question
Quote: However, most computer crime is committed by bad guys who've compromised the victim's legitimate device by taking advantage of unpatched software or inducing the user to unknowingly execute a Trojan. Call it a man-in-the-endpoint attack. Attackers then use the user's legitimate access for bad acts. Unfortunately, 2FA can't change that; in fact, 2FA has been shown to be useless in endpoint attacks over and over.
Why 2 Factor Authentication Hinges on the User Experience
Quote: If a user is unable to login to a service or system they care about because of a constraint with a 2 factor platform you can bet they will disable 2 factor authentication as soon as they’re able to.
It seems to me that 2FA is more of a psychological security device than a practical one. I'm not sure how one could overcome that: in the meantime offering it as an alternative to email/password and/or one or two other pieces of info can't hurt, I suppose.
|
R. Giskard Reventlov wrote: It seems to me that 2FA is more of a psychological security device than a practical one
With respect I disagree.
The first point is basically: "In certain circumstances 2FA won't help", "certain circumstances" meaning "their backup device is already compromised". A household alarm system is useless if the crooks have your remote control that deactivates it.
However, 2FA is very effective if your second device isn't already in the hands of those looking to get into your systems.
The second point is "2FA can be annoying so users turn it off". Passcodes on your phone are annoying too, but if you have one on then your phone is fairly safe. Removing the passcode feature because some are too lazy or inconvenienced to use it exposes the other 99% of people.
So I feel those arguments, while valid, don't relate to the majority case.
cheers
Chris Maunder
|
Fair points.
As I said, does no harm to add as an option anyway - I think there may even be an article or 2 on a site I know...
|
...by a Polo diesel owner... (SFW - UYWFV[1])
[1] "Unless You Work For Volkswagen"
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
Did I come directly to you, or did you have to go to the nearest station to visit it?
The sh*t I complain about
It's like there ain't a cloud in the sky and it's raining out - Eminem
~! Firewall !~
|
I'm on the 1702 VW to Portsmouth Harbour
veni bibi saltavi
|
Whaah nice one
With friendly greetings,
Eric Goedhart
|
VW's on the bleeding edge there.
New version: WinHeist Version When you have eliminated the JavaScript, whatever remains must be an empty page. Unknown
|
Pass that emissions test.
Mongo: Mongo only pawn... in game of life.
|
LOL!
What do you get when you cross a joke with a rhetorical question?
The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism.
Do questions with multiple question marks annoy you???
|
From a blurb in an e-mail from Manning Publishers re a new book on the Meteor Framework, yet another "full-stack" JavaScript do-all-be-all (never heard of it before):
Meteor applications react to changes in data instantly, so you get impossibly responsive user experiences.
I sure do want to have impossibly responsive user experiences! And, hey, how about super-size that to include miraculous $ales?
Pretty soon there'll be so many FrameWorks out there the only place you can get a half-stack is at the International House of Pancakes.
«I want to stay as close to the edge as I can without going over. Out on the edge you see all kinds of things you can't see from the center» Kurt Vonnegut.
|
Woohoo. Web sockets wrapped in a sock.
Marc
|
What's really needed is a framework to manage frameworks.
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "As far as we know, our computer has never had an undetected error." - Weisert | "If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
BillWoodruff wrote: impossibly responsive user experiences
The first problem with this sort of statement is that developers are scientists in the true sense of the word (evidence based, repeatability and peer review of our work is common) and we are just going to pick the crap out of statements like that.
The second problem is that much of the time our bosses are not scientists and will swallow that sort of statement hook, line and sinker.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
Meteor is actually pretty popular, but only came to Windows pretty recently.
Generally, I like Manning books. I prefer Manning over Apress or O'Reilly
I do agree that's an impossibly bad sales pitch though
|
Is someone smoking out there too!?!?
Regards,
Palash
|
Did a VW drive through that part of the sky?
Marc
|
My last car was a VW. Though it was a fairly robust if really boring car. Glad I got rid of it!