On 1/20/24 22:52, Tim via users wrote:
On Sat, 2024-01-20 at 17:54 -0800, ToddAndMargo via users wrote:
c) Something you are, such as a biometric. This method
involves verification of characteristics inherent to the
individual, such as via retina scans, iris scans, fingerprint
scans, finger vein scans, facial recognition, voice
recognition, hand geometry, and even earlobe geometry
The problem with biometrics is that if you're identified by data about
you, that data is stolen, and someone can provide it on demand without
your presence, you can't change your authentication data. If someone
can fake your biodata, they can do it forever.
Fingerprints lifted from the glossy surface of your phone, a
compromised service that held your data, a fraudulent service that gets
you to log into them...
Yikes! The bad guys can just use a "keystroke" logger
style malware to intercept your biometric data and then
they can repeat it at will.
This all goes back to using easy passwords. And the
same passwords on different sites:
https://www.nist.gov/itl/smallbusinesscyber/guidance-topic/multi-factor-authentication
"In fact, databases of known breached account information
reveal the actual passwords in use around the world, and
we can see that people typically fail to choose sufficiently
long, complex, and unique passcodes. A study of the most
common passwords used globally has “123456”, “qwerty”
(six consecutive keys on a keyboard) and “password” among
the top 5."
Add to that the foolish security sites that ask you to constantly
change your password all the time. If the bad guys have not
figured out how to crack your password the first time, let's
give them another chance every two weeks! I have seen customers
with passwords on sticky notes on the bottom of the monitors:
abc!, abc!!, abc!!!, abc!!!!, etc. to revolve through their
passwords. The revolving passwords silliness has been proven
time and again to lessen security.
Multi-Factor Authentication is a technique to try to get around
the users' response to the obnoxious nature of passwords.
Whether or not it improves things or just manages to
further annoy the poop out of the users is up for debate.