Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
bkwilliams675311dThere is a term “security theater” that covers all of that.
toriyuno207711dI hate it so much.
I want the *choice* to choose the level of 'security'.
Convenience is far more important to me than bullshit illusion of 'security' over assets that ultimately don't matter much.
Fast-Nop1416911dWell with some hotline clerks, they are actually right. They have to follow their processes no matter what because anything else would open opportunities for social engineering.
oreru49111dthe 2 factor is real shit right there and i hate it so much.
before that a hacker needed to find one password combined to the username, now he needs to find one of the dozen recovery pass probably written somewhere or accessible on some file .. that sounds easier if you ask me.
tokumei257310dMy ideal multi-factor authentication scheme would be an asymmetric key encrypted (or better, locked in a smart card) with a cryptographically secure, memorizable password.
Something that proves that either you are who you say you are, or that someone else beat the shit out of you and you're never going to speak again. You have to be missing, because they know as soon as they let you go, you're going to tell everyone that you're compromised. But then people will eventulally figure out that you're missing. They can't win in the long run.
You still do have to be careful about getting phished/keylogged/skimmed, and thise techniques will still work very well on people who don't think about security, unfortunately. But I personally think it is secure enough in practice.
madumlao34010d@Fast-Nop kinda the opposite, the problem isn't the hotline, the problem is the process behind the hotline. Attempting to sprinkle "validation" after the fact that the system already granted the sensitive info gives the double whammy of locking out the guy you can actually validate while not doing anything to stop the guy who actually broke in.
Its not that they dont have a choice on how to implement security, its that they didnt implement security and after-the-fact used theater to make it seem like they did.
Your Job Suck?
Take a quick quiz from Triplebyte to skip the job search hassles and jump to final interviews at hot tech firms
Get a Better Job