On Sat, Mar 27, 2021 at 11:02:58PM +0100, Björn Persson wrote: > Kevin Fenzi wrote: > > I'd like us to add security query/respond pairs. > > Those can very easily weaken security, as the answers are often public > and easy for an attacker to look up, especially when there are only a > few predefined questions to choose from. I was not advocating predefined questions. :) > If I can enter my own question, then I can come up with some things > that only I and my family know. That requires careful and security- > conscious consideration. Many people would come up with insecure > questions. Well, I always use randomly generated words for mine. But I agree, some people would make poor choices there. > There's a limited supply of such personal secrets that I can be sure > I'll remember, so I can't do that for too many sites. It also requires > a not too public life. People who publish their entire lives on > Facebook will have trouble coming up with a question that an attacker > can't find the answer to. Another reason to randomly generate. > Otherwise I'll make up a nonsensical phrase to enter as the answer, and > store it securely. That turns the "security question" into a backup > passphrase. If you want people to do this, then it's better to ask them > to make up a passphrase. Sure, that might be better, although I still like that it's a manual process. ie, they have to tell it to an admin and the admin has to make sure everything looks right, etc. But in the end there's lots of ways to do all this, but one good reason we wanted to get off running our own account system was to not have to deal with this so much. So, really I think we should work to improve / land any changes we want here in IPA itself. Then everyone can benifit from it, and the IPA team that has a lot more security experence than I can do the right thing implementing it. :) Of course IPA has focused on the corp setting and this is kind of an expansion of their area, so we will need to discuss things with them I think. kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
