On Sat, May 14, 2022 at 12:42:28PM +0100, Brian wrote:
> On Sat 14 May 2022 at 07:23:47 +0200, to...@tuxteam.de wrote:
>
> > On Sat, May 14, 2022 at 02:40:53PM +1200, Ash Joubert wrote:
> > > On 13/05/2022 12:23, Nicholas Geovanis wrote:
> > > > That's the value added in exchange for Ash's "massive pain in the arse".
> > > > Just making the 1st factor be a loong password is not equivalent
> > > > to 2FA in any way. Machine reaching back to you is the difference.
> > >
> > > There are attacks that 2FA can defeat, especially things like password
> > > reset via compromised email server, but in general, two weak factors
> > > are not a match for a strong unique random password [...]
> >
> > [strong, unique, random]
> >
> > That's it. The unique part can't be stressed enough: if you have
> > umpteen services out there, it's a matter of time until one of
> > those passwords leaks (incompetent service provider, phishing,
> > etc.). It better be different from your other passwords.
> >
> > To minimise stress, I let a tool generate my passwords (pwgen).
> > Important ones are 16 char (disk & backup encryption, bank account
> > key armor, etc.), less important ones (e.g. local login) just 8.
>
> Let me introduce you to my bank: they reduced the maximum 20 chars
> to 16 and did not allow some special chars such as "!" and ".".
> Mind you, I feel much more secure - 3FA is used :).

Three? Why not go all the way to 5FA [1]?

Cheers

[1] https://boingboing.net/2005/09/14/gillettes-5blade-raz.html
    (not linking to the original Onion because their Javascript
    doesn't want to play with me)

--
tomás