Re: Fedora Account Migration & Production Deployment Update: COMPLETE!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 27 Mar 2021 23:02:58 +0100
Björn Persson <Bjorn@xxxxxxxxxxxxxxxxxxxx> wrote:

> Kevin Fenzi wrote:
> > I'd like us to add security query/respond pairs.   

> There's a limited supply of such personal secrets that I can be sure
> I'll remember, so I can't do that for too many sites. It also requires
> a not too public life. People who publish their entire lives on
> Facebook will have trouble coming up with a question that an attacker
> can't find the answer to.
> 
> Otherwise I'll make up a nonsensical phrase to enter as the answer,
> and store it securely. That turns the "security question" into a
> backup passphrase. If you want people to do this, then it's better to
> ask them to make up a passphrase.

Why change the questions that are asked?  Just answer with a
nonsensical answer, and store it in the same secure matter on your
system as your password.  e.g.  What is your favorite food?  Jamaica.
or What was your team's name in high school?  0126672651361
I suppose it could be a passphrase, but this is easier to cut and
paste.  Remembering personal secrets is a non starter as an
authentication method; it favors convenience over security, the
equivalent of 'password' or 'Decemberpass' or a sticky note on the
monitor.

I've used those hardware gadgets that spit out a number that matches a
similar hardware device at the site being logged into, but that takes
co-ordination and I didn't pay for the device, the company did, so it
could be expensive, as well as managing the co-ordination.

How about everyone has two logins, and they have to log in with
different logins from the same device, using different passwords.  They
then are considered to be authenticated.  That uses the existing
infrastructure of password managers to keep passwords secure, and just
requires two logins on the site being logged into; should be easy
enough.  Less secure than a real second factor, but more secure than a
single password.  I suppose if we consider that too much trouble, just
add a second password to the single login everywhere.  Even less secure
than the two login method, though.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux