On 8/29/23 3:16 PM, Rick Troth wrote:
> And making it harder (more expensive) for the attacker (relative to his
> ROI).

Some of it is also about making it more noisy and thus likely easier to
detect when something inappropriate is going on.

I've heard that some Chinese emperors purposely had floors designed
expressly so that they squeaked when you walked on them specifically so
that they could more easily hear when attackers were coming.

Door chimes can be annoying, but they do serve a purpose, especially
when they are unobtrusive.

> YubiKey is part of that because it can become a new single point of
> failure.

Ya.

I really hate the idea of needing to rely on an external party. Even
more so when that external party becomes a SPOF.

I want to host things myself.

Thankfully, YubiKey, as I've mentioned them, is fully self-hosted and
doesn't rely on anything external beyond initial utility installation.

> In all of this, one of the biggest overlooked thingies is new points of
> failure. We forget that locking out bad guys kinda sucks for US when WE
> suddenly look like one of the bad guys. (Machines cannot tell the
> difference.)

#truth

> This is not a slam on YubiKey.

Nope. It's an unpleasant fact about the situation.

> It's an observation that our systems need failover factors and most
> developers still don't think about that.

Agreed.

--
Grant. . . .