Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
hitko31451yThere is no real solution. Human brain is limited, so it's near-impossible to keep a number of complex secrets there. Computers are good at brute forcing simple secrets, therefore we need some form of complex secrets. Storing complex secrets on dedicated devices works, but there's no real backup if something goes wrong with such devices. If you want to use backup devices you need to have them with you whenever you need to store a new secret, but they don't provide much backup if you keep them together.
Best you can do is try to combine multiple solutions to find adequate balance between security and robustness, but that doesn't really work when different users have different needs. -
Agree that there's no easy solution.
However, I find most of enforced MFA is plain bullshit.
As in, as an independent contractor, I've seen such debaucheries with it...
When I worked for Volkswagen, they forced me to re-log into AWS *every hour*.
They wouldn't understand the fact that some of the tasks take several hours.
This, of course, included programmatic keys, which is retarded, but oh well.
Overzealous sysadmins will be overzealous. Their precious access is often worth shit. -
Maybe the browser should know who I am and remember. Yeah that’s the ticket. We just need to turn off javascript now! Oops. Did I say that out loud?
I can’t take the stupid security theatre anymore. I give up.
Multifactor authentication every 5 minutes. I hate it.
I don’t have a solution and neither does anyone else that doesn’t involve rewriting all apps from scratch.
random