‘In a digital context, people are always acting through their computer. While we talk about authenticating a user, the thing that directly gains authority as a result of authenticating is that user’s computer. So if that computer is controlled by an attacker, the authentication system is moot.’
John Spurlock (js@podcastindex.social)'s status on Sunday, 29-Dec-2024 11:50:37 JST
Tim Chambers repeated this.
John Spurlock (js@podcastindex.social)'s status on Sunday, 29-Dec-2024 11:50:36 JST
‘Tackling the authentication problem does not solve all security issues, but many security issues are authentication problems, so better authentication systems are a necessary part of fixing the world.
WebAuthn, the subject of this book, is such a system.’
https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn.html
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 29-Dec-2024 12:10:29 JST
@js The opening sentence, "Passwords are rubbish," excludes every person for whom "something you have" is not viable: refugees crossing borders, unhoused persons, children of abusive parents, adults with abusive partners, ...
"Mandatory 2FA is rubbish." would be a better start.
Haelwenn /элвэн/ :triskell: likes this.