undefined | Better HN

0 pointsXylakant6y ago0 comments

> (if you believe otherwise, I have some retina scanners to sell you...)

MFA with a U2F token would go a long long way. Even softU2F as github built might prevent this.

0 comments

umvi6y ago

It would help... for now. Like I said though - it will be expensive and onerous for both the employees and the company... and who knows what the next evolution in attacks will be.

No matter how good security gets, attackers will always adapt. Everyone on earth is now using YubiKeys? Now you need a process in place for when people get their keys lost or stolen. Or when your computer doesn't have a USB port. And whatever "I forget my password"-esque process that is will probably be much easier to attack/manipulate/social engineer than the keys themselves would be.

XylakantOP6y ago

Having to obtain a physical item is substantially harder to automate than credentials stuffing. Especially U2F which is a practical phishing protection and extremely hard to social engineer (you'd need to mail a token somewhere) should IMHO be default for admin interfaces with elevated privileges.

j / k navigate · click thread line to collapse

0 comments

umvi6y ago

It would help... for now. Like I said though - it will be expensive and onerous for both the employees and the company... and who knows what the next evolution in attacks will be.

XylakantOP6y ago

j / k navigate · click thread line to collapse