076萌SNS
  • Login

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. CEO of Anti-Clock Society (be@floss.social)'s status on Saturday, 24-Dec-2022 02:46:18 JST CEO of Anti-Clock Society CEO of Anti-Clock Society

    Abolish passwords.

    In conversation Saturday, 24-Dec-2022 02:46:18 JST from floss.social permalink
    • CEO of Anti-Clock Society (be@floss.social)'s status on Saturday, 24-Dec-2022 02:46:14 JST CEO of Anti-Clock Society CEO of Anti-Clock Society
      in reply to

      Password managers are to passwords like address sanitizer is to memory unsafe programming languages. They're mitigations, but do not solve the problem. The only way to solve the problem is to switch to a fundamentally different solution.

      In conversation Saturday, 24-Dec-2022 02:46:14 JST permalink
    • CEO of Anti-Clock Society (be@floss.social)'s status on Saturday, 24-Dec-2022 02:46:15 JST CEO of Anti-Clock Society CEO of Anti-Clock Society
      in reply to

      I wish people talked about passwords the same way they talk about memory unsafe programming languages.

      In conversation Saturday, 24-Dec-2022 02:46:15 JST permalink
      Adrian Cochrane repeated this.
    • CEO of Anti-Clock Society (be@floss.social)'s status on Saturday, 24-Dec-2022 02:46:16 JST CEO of Anti-Clock Society CEO of Anti-Clock Society
      in reply to

      Authenticating with remote servers by exchanging a shared secret is a bad idea and always has been.

      In conversation Saturday, 24-Dec-2022 02:46:16 JST permalink
    • CEO of Anti-Clock Society (be@floss.social)'s status on Saturday, 24-Dec-2022 02:46:17 JST CEO of Anti-Clock Society CEO of Anti-Clock Society
      in reply to

      Infosec people be like yelling at users to use password managers instead of yelling at developers to implement WebAuthn.

      In conversation Saturday, 24-Dec-2022 02:46:17 JST permalink
    • CEO of Anti-Clock Society (be@floss.social)'s status on Saturday, 24-Dec-2022 02:47:12 JST CEO of Anti-Clock Society CEO of Anti-Clock Society
      in reply to
      • Michael Downey 🇺🇳

      @downey There are profits to be made in selling FIDO authenticators and consulting with organizations to switch to WebAuthn.

      In conversation Saturday, 24-Dec-2022 02:47:12 JST permalink
    • Michael Downey 🇺🇳 (downey@floss.social)'s status on Saturday, 24-Dec-2022 02:47:13 JST Michael Downey 🇺🇳 Michael Downey 🇺🇳
      in reply to

      @be

      s/Infosec/corporate/

      The latter isn't profitable.

      In conversation Saturday, 24-Dec-2022 02:47:13 JST permalink
      Adrian Cochrane repeated this.
    • CEO of Anti-Clock Society (be@floss.social)'s status on Saturday, 24-Dec-2022 06:34:32 JST CEO of Anti-Clock Society CEO of Anti-Clock Society
      in reply to

      Why do memory unsafe programming languages get so much more attention problemitizing them than passwords? I think passwords are a much bigger risk for most people than unsafe memory access which will most likely cause the affected program to crash. Passwords are routinely exploited by phishing and mass leaks of password hashes from hacked servers.

      In conversation Saturday, 24-Dec-2022 06:34:32 JST permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

076萌SNS is a social network, courtesy of 076. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All 076萌SNS content and data are available under the Creative Commons Attribution 3.0 license.