undefined | Better HN

0 pointsuser59944619y ago0 comments

Still need a secret to access the secret store... so steal the secret then steal the secrets in the store.

I fail to see how it is secured. (Though, I can understand that it is less bad than a YOLO policy).

> Many organizations get pretty close -- I'm told that the DoD pretty much authenticates everything with smart cards, for example.

I've been at a place with RSA SecurID (smart card and OTP) + active directory account as SSO authentication for everything (use one or both for 2FA). It was nice and well done.

0 comments

lvh9y ago

You made that point elsewhere in the comments; and I replied to it there; for the benefit of other people wondering why a secret store _isn't_ just robbing Peter to pay Paul: https://news.ycombinator.com/item?id=13224802

j / k navigate · click thread line to collapse

0 pointsuser59944619y ago0 comments

Still need a secret to access the secret store... so steal the secret then steal the secrets in the store.

I fail to see how it is secured. (Though, I can understand that it is less bad than a YOLO policy).

> Many organizations get pretty close -- I'm told that the DoD pretty much authenticates everything with smart cards, for example.

I've been at a place with RSA SecurID (smart card and OTP) + active directory account as SSO authentication for everything (use one or both for 2FA). It was nice and well done.

0 comments

lvh9y ago

j / k navigate · click thread line to collapse