Ciao Tony & Mario I read Jed's comments with great interest. We talking here about TW at low scale and with precise and I assume clear procedure. I asked about Two Step Verification basically because various meltdowns of big systems I have used (Quora the latest) have caused me no end of trouble that if they had enforced it would have meant far less hassle. After reading Jed I'm not sure its needed. I think the point I missed before was I'd have direct control. Not that I don't like the idea of two step. Rather, I don't think now its absolutely essential.
Best wishes Josiah On Friday, 7 December 2018 23:15:30 UTC+1, TonyM wrote: > > Mario, > > I accept your formal definition here of multi-factor, it is helpful. > Clearly if the alternative factors come from two or more substantially > difference sources it contributes to the security. If however I use the > common English meaning of factor, "a circumstance, fact, or influence > that contributes to a result", it would be fair to consider what I said as > correct, the user must supply more than one "password", in this case one to > access the internet resource then one to decrypt the content of that > resource, in the additional case of the database connector, this value will > be stored inside the decrypted TiddlyWiki's session in your browser (not on > across the internet), but It could be passed in a secure database > connection. > > However separately from this argument surely it is possible to simply bolt > on a 2 factor authentication in place of the first password to an internet > resource? > > Regards > Tony > > On Saturday, December 8, 2018 at 1:49:41 AM UTC+11, PMario wrote: >> >> >> On Friday, December 7, 2018 at 12:38:53 PM UTC+1, TonyM wrote: >> ... >> >> If you place a tiddlywiki in a secure folder, with a long password on >>> https and then use the encryption in tiddlywiki you would be using two >>> factors. >>> >> >> No offence intended. - Technically, this is only 1 factor 2 times >> >> Multi-factor authentication is defined as: >> >> 1) something the user and only the user *knows* >> 2) something the user and only the user *has* >> 3) something the user and only the user *is* >> >> add 1) eg: password >> add 2) eg: usb-token >> add 3) eg: fingerprint >> >> Pros and Cons are discussed in detail here: >> https://en.wikipedia.org/wiki/Multi-factor_authentication >> >> IMO The main problem is convenience and cost. Workflows, that create >> "real" security will cost something. That's a fact! ... At the moment our >> society trades convenience for security and cost. >> >> Everything needs to be free (as in free beer). >> >> In my opinion this mentality has to change. It's OK to use free (as in >> free speech) software / tools. ... But we need to become aware again, that >> our security will cost us something. Either convenience or money. >> >> Just some rants >> have fun! >> mario >> > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/tiddlywiki. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/ebd885d5-2fa2-46e5-845a-d31707ccd41f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
