[return to "I read the federal government’s Zero-Trust Memo so you don’t have to"]
1. unethi+1n1 2022-01-27 21:06:22
>>EthanH+(OP)
TOTP is not going anywhere for much of the Internet. Hold on while I get a Yubikey to my dad who thinks "folders can't be in other folders" because that's not how they work in real life.

TOTP is a great security enhancement, and while phishable, considerably raises the bar for an attacker.

The fact that TOTP is mentioned as a bad practice in this document is an indicator that this should not be considered a general best practices guide. It is a valid best practice guide for a particular use case and particular user base.

2. tptace+Sp1 2022-01-27 21:19:22
>>unethi+1n1
Yubikeys aren't the serious long-term alternative to TOTP; software keys embedded in phones are what we're going to end up with.
3. takumi+Jm4 2022-01-28 18:04:09
>>tptace+Sp1
I have a newbie question: Can't we embed a hardware key into a phone, and that'd be just as good as a Yubikey? Do we already do this, or is there a reason why we don't?