Jed 

Agreed.

Tony

On Saturday, December 8, 2018 at 9:32:27 AM UTC+11, Jed Carty wrote:
>
> Tony,
>
> Of course it is possible, but just because it is possible doesn't mean it 
> is useful. It is very easy for two factor authentication systems that are 
> improperly implemented to make the overall system less secure. The 
> definition Mario used is important, otherwise the added security is just an 
> illusion. Security questions about favourite pets and old schools are 
> mainly useful for locking people out of their own accounts.
>
> One of the easiest methods of gaining access to an account you are not 
> supposed to have access to is to compromise one form of communication, like 
> redirecting a cell phone signal or creating an email account that used an 
> old service that doesn't exist anymore, and then answering security 
> questions incorrectly enough times to trigger the recovery mechanism and 
> have the recovery password sent using the communication channel you control.
>
> It is very easy to do something that is supposed to make a system more 
> secure that actually makes it more vulnerable by increasing the size of the 
> exposed attack surface.
>

-- 
You received this message because you are subscribed to the Google Groups 
"TiddlyWiki" group.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/tiddlywiki/0939fac1-6db3-4640-911a-33fd7238a2a6%40googlegroups.com.