|
yoink 
|
#
?
May 9, 2022 11:49
|
|
|
|
| # ? Apr 28, 2024 23:42 |
|
|
crabrave.pw
|
|
#
?
May 9, 2022 13:04
|
|
|
taking that as a no
|
|
#
?
May 9, 2022 13:10
|
|
|
*borat voice* MAIFILE.cn
|
|
#
?
May 9, 2022 13:53
|
|
|
Crime on a Dime posted:viewed any images or links on any of these lately? crab rave. SHREK IS LIFE efb
|
|
#
?
May 9, 2022 13:58
|
|
|
sb hermit posted:I don't see smartphones as a good mechanism for passwordless logins in high security situations. Heck, for certain areas, having a powered-on smartphone itself would be an auditable event. Much better to have a smartcard or yubikey, paired with a reasonable password, for secure mfa authentication. The problem is cost associated with providing those tokens. I'm pushing for FIDO Keys like Yubikey for our privileged users, but man it adds up fast.
|
|
#
?
May 9, 2022 13:58
|
|
|
wondering which hardcore shrek fanfic cosplay community they are trying to phish
|
|
#
?
May 9, 2022 14:01
|
|
|
CommieGIR posted:The problem is cost associated with providing those tokens. I'm pushing for FIDO Keys like Yubikey for our privileged users, but man it adds up fast. am i stupid or do nfc stickers seem like a cheap way of doing this
|
|
#
?
May 9, 2022 14:02
|
|
|
Beeftweeter posted:am i stupid or do nfc stickers seem like a cheap way of doing this It would be cheaper, but then you have to ensure everyone has NFC readers or laptops/machines with NFC readers built in.
|
|
#
?
May 9, 2022 14:08
|
|
|
CommieGIR posted:It would be cheaper, but then you have to ensure everyone has NFC readers or laptops/machines with NFC readers built in. which a lot of enterprise laptops do have and i think a bulk purchase of usb readers or something would probably be cheaper than $30-50/yubikey
|
|
#
?
May 9, 2022 14:12
|
|
|
Beeftweeter posted:which a lot of enterprise laptops do have and i think a bulk purchase of usb readers or something would probably be cheaper than $30-50/yubikey Yeah, a lot do, I know mine does. But we also have a lot of legacy stuff hanging around. I'd still push for FIDO keys for Admins and Domain Admins at the end of the day.
|
|
#
?
May 9, 2022 14:15
|
|
|
a hundred bucks of yubikeys for each person is like, several orders of magnitude smaller than the other costs you have associated with that employee
|
|
#
?
May 9, 2022 15:19
|
|
|
Jabor posted:a hundred bucks of yubikeys for each person is like, several orders of magnitude smaller than the other costs you have associated with that employee when you have a gazillion users they're not gonna do gently caress all unless it's as cheap as conceivably possible even if a security breach would be infinitely more expensive
|
|
#
?
May 9, 2022 15:27
|
|
|
i love my yubikeys
|
|
#
?
May 9, 2022 15:31
|
|
|
can't you get the cheap yubikeys that only do fido or whatever, if you wanna be real cheap
|
|
#
?
May 9, 2022 16:00
|
|
|
CRIP EATIN BREAD posted:i love my yubikeys
|
|
#
?
May 9, 2022 16:01
|
|
|
Shame Boy posted:can't you get the cheap yubikeys that only do fido or whatever, if you wanna be real cheap sure, but "as cheap as conceivably possible" in my book also includes burning the fido tags to a 3¢ sticker that could also work with phones
|
|
#
?
May 9, 2022 16:06
|
|
|
Isn't FIDO an interactive protocol? Which NFC stickers won't support?
|
|
#
?
May 9, 2022 16:11
|
|
|
pseudorandom name posted:Isn't FIDO an interactive protocol? Which NFC stickers won't support? well yeah, that's why i threw in "that works with phones". i could see unique tags being used to bring up an authentication prompt that gives you an actual token, kinda like microsoft authenticator
|
|
#
?
May 9, 2022 16:15
|
|
|
If the 2FA is being run on the phones then what's the point of the NFC tag?
|
|
#
?
May 9, 2022 16:18
|
|
|
CRIP EATIN BREAD posted:i love my yubikeys Me too.
|
|
#
?
May 9, 2022 16:29
|
|
|
pseudorandom name posted:If the 2FA is being run on the phones then what's the point of the NFC tag? some physicality to make sure the person is present? e: it was just a half-baked idea in response to a post anyway, i don't actually implement this poo poo. i just analyze it, recommend alternatives, etc. to make sure the cost-cutting doesn't seriously impact security. if i had my way we'd be spending hundreds of millions that are truly necessary Beeftweeter fucked around with this message at 16:36 on May 9, 2022 |
|
#
?
May 9, 2022 16:34
|
|
|
Beeftweeter posted:well yeah, that's why i threw in "that works with phones". i could see unique tags being used to bring up an authentication prompt that gives you an actual token, kinda like microsoft authenticator lol
|
|
#
?
May 9, 2022 16:35
|
|
|
Beeftweeter posted:some physicality to make sure the person is present? beside them biometricaly unlocking their phone and app and approving auth?
|
|
#
?
May 9, 2022 16:36
|
|
|
Beeftweeter posted:am i stupid (the answer is yes)
|
|
#
?
May 9, 2022 16:38
|
|
|
yeah either you accept the phone as not being compromised and therefore needing a person physically there to operate it, or you assume the phone is compromised in which case this whole argument is moot
|
|
#
?
May 9, 2022 16:38
|
|
|
Crime on a Dime posted:beside them biometricaly unlocking their phone and app and approving auth? tbf you can't always assume phones have a biometric lock. alot of our workers have lifeline phones that do not
|
|
#
?
May 9, 2022 16:39
|
|
|
Beeftweeter posted:tbf you can't always assume phones have a biometric lock Shame Boy posted:yeah either you accept the phone as not being compromised and therefore needing a person physically there to operate it, or you assume the phone is compromised in which case this whole argument is moot
|
|
#
?
May 9, 2022 16:40
|
|
|
I am just going to trust nothing and make my systems impossible to operate. Totally secure. I am also going to debate the the fact that the microsoft authenticator and apps like it are not totally secure while also allowing the most basic of security blunders to happen in my org. I just want to sound really smart in conversations.
|
|
#
?
May 9, 2022 16:48
|
|
|
Beeftweeter posted:
|
|
#
?
May 9, 2022 16:51
|
|
|
dpkg chopra posted:*borat voice*
|
|
#
?
May 9, 2022 16:54
|
|
|
Sickening posted:I am just going to trust nothing and make my systems impossible to operate. Totally secure. Cut the wires, shut down the system, totally secure.
|
|
#
?
May 9, 2022 16:54
|
|
|
Sickening posted:I am just going to trust nothing and make my systems impossible to operate. Totally secure. best of both worlds
|
|
#
?
May 9, 2022 16:55
|
|
|
real talk i actually use this thing and i like it fine. it's pretty versatile
|
|
#
?
May 9, 2022 17:01
|
|
|
CommieGIR posted:Me too. 
|
|
#
?
May 9, 2022 17:04
|
|
|
Any time I've given the olds any sort of small device that is not their phone, they lose it within 2 months, and within those 2 months they maybe remember to actually bring it with them maybe 2 days. Giving them yubikeys to be able to do their job sounds like hell.
|
|
#
?
May 9, 2022 18:06
|
|
|
dpkg chopra posted:the olds ... sounds like hell.
|
|
#
?
May 9, 2022 18:07
|
|
|
I don't even lock my phone. 
|
|
#
?
May 9, 2022 18:14
|
|
|
Presto posted:I don't even lock my phone. Mouse jiggler > yubikey
|
|
#
?
May 9, 2022 18:18
|
|
|
|
| # ? Apr 28, 2024 23:42 |
|
|
RFC2324 posted:Mouse jiggler > yubikey RFC2324 posted:Mouse jiggler > yubikey while(workinghours) { jiggled = again; }
|
|
#
?
May 9, 2022 18:26
|
|