2017-12-11 12:05 GMT+01:00 Stefan Krah <ste...@bytereef.org>:
> https://en.wikipedia.org/wiki/RSA_SecurID#March_2011_system_compromise
> https://gist.github.com/peternixey/1978249
>
> I'm pretty sure my long GitHub-only password is more secure than several
> key-gen algorithms on smart cards ...

I wouldn't comment on the attack on RSA SecurID, but I disagree that a single password is stronger than password + OTP. The principle of 2-factor auth is that the attacker has to break two auths rather than only one. So even if you break RSA SecurID, the hacker still has to break your ultra secure GitHub-only password ;-)

Victor
_______________________________________________
python-committers mailing list
python-committers@python.org
https://mail.python.org/mailman/listinfo/python-committers
Code of Conduct: https://www.python.org/psf/codeofconduct/