A new chapter in "C was a mistake", courtesy of Samsung
mendip_discovery:
I have always had concerns about 2FA as it just turns the phone into the next point to attack.

Criminals are similar to a virus; the most successful ones are good at evolving.

tom66:
2FA in general is a good idea.  2FA by SMS is not a good idea (except as an enhancement to 1FA, but only just.)

I've noticed a fair few banks are moving away from it and using additional means of authentication, e.g. touch ID built into the phone.
shapirus:
So, someone chops off his finger with an axe. Terrible!
Conclusion? Axes aren't safe.
Solution? Let's begin making axes from silicone instead of steel so nobody can chop their fingers off anymore.
mendip_discovery:

--- Quote from: tom66 on March 18, 2023, 01:02:43 pm ---2FA in general is a good idea.  2FA by SMS is not a good idea (except as an enhancement to 1FA, but only just.)

I've noticed a fair few banks are moving away from it and using additional means of authentication, e.g. touch ID built into the phone.

--- End quote ---

2FA is good but it is in no way as strong as people are led to believe. I know an engineer involved in SIM card level stuff and I nodded as he went off on a RANT when the insecurities of SMS 2FA came up.

The issue is if they make the security such a faff then people will not use it. I don't like using the SMS system of 2FA just because I don't like giving every website my mobile number, which can be used to link my identity between sites and if one site leaks then the criminals now have my number to bombard with scam texts. I already get annoyed when I have to go downstairs and find the landline just so I can get a code to log into a website.

There will always be avenues of attack, be they social, software or physical. Let us just hope we don't go back to physical being the only option.
Marco:

--- Quote from: shapirus on March 18, 2023, 01:11:38 pm ---So, someone chops off his finger with an axe.

--- End quote ---

I've probably said it before, but I'll say it again. Languages like Rust and Ada SPARK are more like SawStops on table saws. For some types of wood you have to turn it off; when you do, it's a plain old finger-eating table saw.

Though in C's case it's an American table saw, with even the guard removed from the start and never put back.


--- Quote from: mendip_discovery on March 18, 2023, 01:55:01 pm ---Let us just hope we don't go back to physical being the only option.

--- End quote ---

The future will probably be secure enclaves + PIN/bio, with only presence detection after an initial authentication for "common" logins. With a master password to copy your logins to a new secure enclave.

Except at the most paranoid levels, which will stick with physical U2F + PIN/bio.